| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.02.2013, 13:49
| #1 |
 |  Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Liebes Forum, seit gestern habe ich folgendes Problem: wenn ich in Mozilla Firefox mehrere Tabs offen habe, bleibt der Computer öfter für einige Minuten hängen ("Firefox reagiert nicht" Meldung). Zusätzlich öffnen sich plötzlich Programme auf meinem Desktop, bis jetzt Word, Windows Live Fotogalerie, Elster (!) und Windows Media Player. Ich habe deswegen Malwarebytes installiert und drüber laufen lassen, aber es findet nichts ("keine bösartigen Objekte gefunden"). Mein normales Antiviren Program Antivir findet auch nichts. Deswegen habe ich mit HijackThis eine Logfile erstellt und sie auf der Website von HijackThis überprüfen lassen. Es wurden 3 evtl schädliche Prozesse gefunden, nämlich: C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\notepad.exe Ich soll ein Virenprogram laufen lassen - habe ich aber ja bereits, ohne Erfolg. Seht Ihr etwas auffälliges an der File bzw könnt mir sagen, wie ich am besten weiter vorgehen soll? Danke und viele Grüße, jojo Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:17:42, on 22.02.2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\DatacardService\DCSHelper.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe Q:\140066.deu\Office14\WINWORDC.EXE Q:\140066.deu\Office14\OffSpon.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Q:\140066.deu\Office14\WINWORDC.EXE Q:\140066.deu\Office14\OffSpon.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\notepad.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\notepad.exe C:\FreeOCR\FreeOCR.exe C:\Users\Yamanthanka\Downloads\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/9 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/HPNOT/9 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/9 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://g.uk.msn.com/HPNOT/9 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1718676208-496255785-1622115151-1000\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin (User 'Yamanthanka') O4 - S-1-5-21-1718676208-496255785-1622115151-1000 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Yamanthanka') O4 - S-1-5-21-1718676208-496255785-1622115151-1000 User Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Yamanthanka') O4 - Global Startup: PGP Tray.lnk = ? O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\..\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: PGPmapih.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files\Mobile Partner\UpdateDog\ouc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: PGP RDD Service - Symantec Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe -- End of file - 12182 bytes |
|
22.02.2013, 15:41
| #2 |
| /// Malware-holic   | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Hi
__________________ja ich sehe etwas, du hast unsere Anleitungen nicht gelesen, hijackthis wird nicht mehr weiterentwickelt, daher vergiss das tool mal ganz schnell. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
22.02.2013, 17:00
| #3 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Sorry, hatte die Anleitung nicht gesehen. Jetzt habe ich alles gelesen und werde versuchen, mich daran zu halten...
__________________Hier der otl.txt: Code:
ATTFilter OTL logfile created on: 22.02.2013 16:00:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yamanthanka\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1011,87 Mb Total Physical Memory | 176,18 Mb Available Physical Memory | 17,41% Memory free 2,42 Gb Paging File | 0,70 Gb Available in Paging File | 29,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 280,98 Gb Total Space | 236,57 Gb Free Space | 84,20% Space Free | Partition Type: NTFS Drive D: | 12,95 Gb Total Space | 1,43 Gb Free Space | 11,06% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,09 Gb Free Space | 27,56% Space Free | Partition Type: FAT32 Computer Name: YAMANTHANKA-HP | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.22 15:55:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yamanthanka\Desktop\OTL.exe PRC - [2013.02.08 16:48:20 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.08.13 11:37:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 12:08:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 12:08:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 12:08:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.23 00:23:58 | 001,588,456 | ---- | M] (Symantec Corporation) -- C:\Programme\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2012.03.23 00:23:54 | 003,934,296 | ---- | M] (Symantec Corporation) -- C:\Programme\PGP Corporation\PGP Desktop\PGPtray.exe PRC - [2012.02.13 08:49:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.07 23:22:21 | 000,239,968 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012.01.04 14:22:40 | 003,208,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.06.30 14:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2011.06.30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.04.08 09:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.03.17 15:44:18 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe PRC - [2011.03.14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.15 14:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe PRC - [2011.02.15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.01.27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.11 01:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.02.08 16:48:20 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2013.01.22 14:55:31 | 001,917,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\c055f2cf0d4604170c1702e470df8827\System.Speech.ni.dll MOD - [2013.01.22 14:54:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll MOD - [2013.01.22 14:54:19 | 009,922,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\04be51ee3cc47fbd5cbdc8761879a145\System.Data.Entity.ni.dll MOD - [2013.01.22 14:51:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.21 17:21:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.21 17:21:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll MOD - [2013.01.21 17:21:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll MOD - [2013.01.21 11:41:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll MOD - [2013.01.21 11:40:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.21 11:39:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.21 11:39:17 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013.01.21 11:39:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.21 11:38:51 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.01.21 11:37:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.21 11:35:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.21 11:34:46 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.21 11:33:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.21 11:33:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.21 11:32:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll MOD - [2013.01.21 11:32:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.21 11:32:04 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.02.13 08:49:50 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.01.10 15:30:21 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.07.16 06:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll MOD - [2011.07.16 06:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2011.07.16 06:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.07.15 21:11:07 | 000,869,888 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2011.07.15 20:53:39 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll MOD - [2011.07.15 20:53:39 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll MOD - [2010.11.20 22:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.24 01:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE MOD - [2010.01.01 00:16:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2010.01.01 00:15:48 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2010.01.01 00:15:13 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV - [2013.02.08 16:48:21 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.18 19:59:01 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 12:08:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 12:08:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.23 00:23:58 | 001,588,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2012.01.07 23:22:21 | 000,239,968 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 01:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 12:08:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 12:08:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.03.23 00:23:56 | 000,311,328 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded) DRV - [2012.03.23 00:23:56 | 000,014,704 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPwdefs.sys -- (Pgpwdefs) DRV - [2012.03.23 00:23:50 | 000,041,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV - [2012.03.23 00:23:38 | 000,144,456 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs) DRV - [2012.03.23 00:23:36 | 000,244,360 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk) DRV - [2012.01.07 23:22:22 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb) DRV - [2012.01.07 23:22:22 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.01.07 23:22:22 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.01.07 23:22:22 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.30 14:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.12.02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/9 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{CAEA0065-1087-4576-87F3-706875F3B9CA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{CAEA0065-1087-4576-87F3-706875F3B9CA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=4.0: C:\Program Files\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=4.0: C:\Program Files\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.13 08:49:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.18 19:59:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.17 11:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.16 11:29:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.17 11:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2012.02.13 08:49:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.13 08:49:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 08:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 08:49:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 08:49:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 08:49:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 08:49:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (Symantec Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PGPlsp.dll (Symantec Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14FFD4DD-F367-4B60-BB72-5048195C6EC7}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5308BC1F-38A6-48DE-A538-CD7253E32946}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.22 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PGP Corporation [2013.02.22 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PGP Corporation [2013.02.22 12:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2013.02.22 11:38:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.02.22 11:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.22 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.22 11:38:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.22 11:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.22 11:37:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.02.14 22:59:04 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\System32\ImageEnXLibrary.ocx [2013.02.14 22:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR [2013.02.14 22:58:57 | 000,000,000 | ---D | C] -- C:\FreeOCR [2013.02.14 22:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Temp [2013.02.14 22:21:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CrashDumps [2013.02.14 22:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleOCR [2013.02.14 22:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR [2013.02.02 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.02.02 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2013.02.02 13:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.22 15:48:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.22 12:16:20 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 12:16:20 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 11:38:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.22 09:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.21 11:28:26 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.02.21 09:24:20 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 10:11:38 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2013.02.14 22:59:07 | 000,000,590 | ---- | M] () -- C:\Users\Admin\Desktop\FreeOCR.lnk [2013.02.03 13:24:49 | 000,000,056 | ---- | M] () -- C:\Windows\system32err.xml [2013.02.02 13:11:14 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.22 11:38:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.20 10:11:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2013.02.14 22:59:07 | 000,000,590 | ---- | C] () -- C:\Users\Admin\Desktop\FreeOCR.lnk [2013.02.03 13:24:44 | 000,000,056 | ---- | C] () -- C:\Windows\system32err.xml [2013.02.02 13:11:14 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.11.19 10:41:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.11.19 10:41:16 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT [2012.03.23 00:24:14 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig [2011.07.16 06:07:09 | 002,605,752 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.07.16 06:07:09 | 000,753,942 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.07.16 06:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.07.16 06:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.06.26 00:37:04 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011.06.26 00:35:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.03.03 20:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.02 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox [2012.02.13 11:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2013.02.22 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PGP Corporation [2012.01.12 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.12 11:05:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.18 20:02:11 | 000,000,000 | ---D | M] -- C:\41e3d6f4541864a9549d [2012.03.07 17:42:25 | 000,000,000 | ---D | M] -- C:\5484fd8925ee96bc2827784400 [2011.07.16 07:24:30 | 000,000,000 | -HSD | M] -- C:\boot [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.07 22:45:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.02.22 12:56:21 | 000,000,000 | ---D | M] -- C:\FreeOCR [2011.06.26 00:55:57 | 000,000,000 | -H-D | M] -- C:\HP [2011.06.26 00:29:17 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.22 12:20:50 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.22 11:38:13 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.07 22:45:39 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.07 22:46:44 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.07 22:46:40 | 000,000,000 | ---D | M] -- C:\SWSetup [2013.02.22 16:06:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.07 22:46:51 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2012.01.12 11:05:06 | 000,000,000 | R--D | M] -- C:\Users [2013.02.20 10:11:38 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 05:53:46 | 000,032,618 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013.01.04 09:18:51 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTOR.SYS > [2010.11.05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2010.11.05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_31e922a8dd4b16bd\iaStor.sys < MD5 for: IASTORV.SYS > [2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.02.22 16:01:23 | 000,786,432 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2013.02.22 16:01:23 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1 [2012.01.12 11:05:08 | 000,000,000 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2 [2012.08.02 09:14:30 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TM.blf [2012.08.02 09:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TMContainer00000000000000000001.regtrans-ms [2012.08.02 09:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TMContainer00000000000000000002.regtrans-ms [2012.01.12 16:49:31 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2012.01.12 16:49:31 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2012.01.12 16:49:31 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.01.16 10:08:11 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TM.blf [2013.01.16 10:08:10 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TMContainer00000000000000000001.regtrans-ms [2013.01.16 10:08:11 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TMContainer00000000000000000002.regtrans-ms [2012.07.16 10:59:05 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TM.blf [2012.07.16 10:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TMContainer00000000000000000001.regtrans-ms [2012.07.16 10:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TMContainer00000000000000000002.regtrans-ms [2012.01.12 11:05:08 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.02.2013 16:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yamanthanka\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1011,87 Mb Total Physical Memory | 176,18 Mb Available Physical Memory | 17,41% Memory free
2,42 Gb Paging File | 0,70 Gb Available in Paging File | 29,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280,98 Gb Total Space | 236,57 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 12,95 Gb Total Space | 1,43 Gb Free Space | 11,06% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,09 Gb Free Space | 27,56% Space Free | Partition Type: FAT32
Computer Name: YAMANTHANKA-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42D1D2FF-6678-4CE1-B566-33A502021BA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C97FFDB2-5C4D-4E58-9D50-4898D21F6541}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20386AE5-B695-4BA7-99AE-2B9EF66E40D9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3D1189D3-D08A-411D-BDBB-783A8670AD77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6118C0C7-29E4-4179-B4AD-2E1FFD79B816}" = protocol=6 | dir=in | app=c:\users\yamanthanka\appdata\roaming\dropbox\bin\dropbox.exe |
"{707B239A-48AD-40AF-84A6-B079C72B2248}" = protocol=17 | dir=in | app=c:\users\yamanthanka\appdata\roaming\dropbox\bin\dropbox.exe |
"{9339F826-CED9-4679-926C-837EDDD30EC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5904EEC-36E3-4575-8036-E41415A17904}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7FF02DA5-208C-4498-B55A-AD23E0E76136}" = PGP Desktop
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"freeocr_is1" = FreeOCR v4.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087385" = JoJo's Fashion Show
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089484" = Namco All-Stars PAC-MAN
"WT089493" = Fishdom
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "SMSvcHost 4.0.0.0" (SMSvcHost 4.0.0.0). Der Fehlercode ist das erste
DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 21.01.2013 06:29:25 | Computer Name = Yamanthanka-HP | Source = WinMgmt | ID = 10
Description =
[ HP Connection Manager Events ]
Error - 14.02.2013 19:03:17 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/15 00:03:17.675|000016EC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 14.02.2013 19:04:15 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/15 00:04:15.442|000016EC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 31.12.2009 19:08:05 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2010/01/01 00:08:05.869|000016EC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 31.12.2009 19:08:11 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2010/01/01 00:08:11.610|000016EC|Error |CWLAN::StateChanged|Fire_StateChanged
failed [hr:0x800706BA]
Error - 20.02.2013 05:12:31 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/20 10:12:31.313|00001648|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 21.02.2013 04:23:03 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:03.633|00000860|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 21.02.2013 04:23:06 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:06.784|00000860|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 21.02.2013 04:23:08 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:08.781|00000860|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 21.02.2013 17:41:46 | Computer Name = Yamanthanka-HP | Source = hpMobile | ID = 5
Description = 2013.02.21 22:41:40.485|000013A4|Error |[HP.Mobile]Wwan::a{void()}|
Error - 21.02.2013 19:03:18 | Computer Name = Yamanthanka-HP | Source = hpMobile | ID = 5
Description = 2013.02.22 00:03:18.225|000013A4|Error |[HP.Mobile]Wwan::a{void()}|
[ System Events ]
Error - 30.01.2013 13:43:18 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP Software Framework Service erreicht.
Error - 30.01.2013 13:43:22 | Computer Name = Yamanthanka-HP | Source = DCOM | ID = 10005
Description =
Error - 30.01.2013 13:43:22 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Software Framework Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 30.01.2013 19:10:34 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 31.01.2013 03:17:49 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 31.01.2013 09:55:11 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 01.02.2013 07:41:17 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 01.02.2013 19:54:21 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 02.02.2013 06:06:00 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst hpqwmiex erreicht.
Error - 02.02.2013 08:03:28 | Computer Name = Yamanthanka-HP | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
22.02.2013, 17:08
| #4 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Hi, is ja alles kein Problem. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.02.2013, 17:26
| #5 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Hm, hat nichts gefunden... Code:
ATTFilter 17:18:56.0388 1252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:18:56.0934 1252 ============================================================
17:18:56.0934 1252 Current date / time: 2013/02/22 17:18:56.0934
17:18:56.0934 1252 SystemInfo:
17:18:56.0934 1252
17:18:56.0934 1252 OS Version: 6.1.7601 ServicePack: 1.0
17:18:56.0934 1252 Product type: Workstation
17:18:56.0934 1252 ComputerName: YAMANTHANKA-HP
17:18:56.0934 1252 UserName: Admin
17:18:56.0934 1252 Windows directory: C:\Windows
17:18:56.0934 1252 System windows directory: C:\Windows
17:18:56.0934 1252 Processor architecture: Intel x86
17:18:56.0934 1252 Number of processors: 4
17:18:56.0934 1252 Page size: 0x1000
17:18:56.0934 1252 Boot type: Normal boot
17:18:56.0934 1252 ============================================================
17:18:59.0399 1252 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:18:59.0493 1252 ============================================================
17:18:59.0493 1252 \Device\Harddisk0\DR0:
17:18:59.0493 1252 MBR partitions:
17:18:59.0493 1252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:18:59.0493 1252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x231F5000
17:18:59.0493 1252 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23259000, BlocksNum 0x19E5800
17:18:59.0493 1252 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EFAB0
17:18:59.0493 1252 ============================================================
17:18:59.0571 1252 C: <-> \Device\Harddisk0\DR0\Partition2
17:18:59.0633 1252 D: <-> \Device\Harddisk0\DR0\Partition3
17:18:59.0680 1252 E: <-> \Device\Harddisk0\DR0\Partition4
17:18:59.0727 1252 ============================================================
17:18:59.0727 1252 Initialize success
17:18:59.0727 1252 ============================================================
17:20:26.0948 3356 ============================================================
17:20:26.0948 3356 Scan started
17:20:26.0948 3356 Mode: Manual; SigCheck; TDLFS;
17:20:26.0948 3356 ============================================================
17:20:30.0161 3356 ================ Scan system memory ========================
17:20:30.0161 3356 System memory - ok
17:20:30.0161 3356 ================ Scan services =============================
17:20:30.0442 3356 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:20:31.0253 3356 1394ohci - ok
17:20:31.0331 3356 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:20:31.0378 3356 ACPI - ok
17:20:31.0409 3356 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:20:31.0503 3356 AcpiPmi - ok
17:20:31.0628 3356 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:31.0674 3356 AdobeARMservice - ok
17:20:31.0768 3356 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:20:31.0815 3356 AdobeFlashPlayerUpdateSvc - ok
17:20:31.0877 3356 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:20:31.0924 3356 adp94xx - ok
17:20:31.0971 3356 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:20:32.0018 3356 adpahci - ok
17:20:32.0049 3356 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:20:32.0080 3356 adpu320 - ok
17:20:32.0127 3356 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:20:32.0361 3356 AeLookupSvc - ok
17:20:32.0439 3356 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
17:20:32.0564 3356 AESTFilters - ok
17:20:32.0610 3356 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
17:20:32.0751 3356 AFD - ok
17:20:32.0782 3356 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:20:32.0829 3356 agp440 - ok
17:20:32.0860 3356 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:20:32.0907 3356 aic78xx - ok
17:20:32.0969 3356 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:20:33.0219 3356 ALG - ok
17:20:33.0250 3356 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:20:33.0297 3356 aliide - ok
17:20:33.0328 3356 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:20:33.0359 3356 amdagp - ok
17:20:33.0390 3356 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:20:33.0422 3356 amdide - ok
17:20:33.0453 3356 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:20:33.0500 3356 AmdK8 - ok
17:20:33.0531 3356 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:20:33.0593 3356 AmdPPM - ok
17:20:33.0640 3356 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:20:33.0671 3356 amdsata - ok
17:20:33.0718 3356 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:20:33.0749 3356 amdsbs - ok
17:20:33.0780 3356 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:20:33.0812 3356 amdxata - ok
17:20:33.0874 3356 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:20:33.0936 3356 AntiVirSchedulerService - ok
17:20:33.0983 3356 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:20:33.0999 3356 AntiVirService - ok
17:20:34.0046 3356 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
17:20:34.0124 3356 AppID - ok
17:20:34.0170 3356 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:20:34.0248 3356 AppIDSvc - ok
17:20:34.0280 3356 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
17:20:34.0389 3356 Appinfo - ok
17:20:34.0420 3356 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
17:20:34.0451 3356 arc - ok
17:20:34.0514 3356 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:20:34.0545 3356 arcsas - ok
17:20:34.0560 3356 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:34.0701 3356 AsyncMac - ok
17:20:34.0748 3356 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:20:34.0779 3356 atapi - ok
17:20:34.0826 3356 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:20:34.0935 3356 AudioEndpointBuilder - ok
17:20:34.0966 3356 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:20:35.0044 3356 Audiosrv - ok
17:20:35.0091 3356 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:20:35.0184 3356 avgntflt - ok
17:20:35.0200 3356 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:20:35.0247 3356 avipbb - ok
17:20:35.0278 3356 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:20:35.0309 3356 avkmgr - ok
17:20:35.0340 3356 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:20:35.0450 3356 AxInstSV - ok
17:20:35.0496 3356 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
17:20:35.0606 3356 b06bdrv - ok
17:20:35.0652 3356 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:20:35.0715 3356 b57nd60x - ok
17:20:35.0793 3356 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:20:35.0824 3356 BBSvc - ok
17:20:35.0902 3356 [ EB7C2DADF52F50F69F198C14C3556DC1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
17:20:35.0996 3356 BCM43XX - ok
17:20:36.0027 3356 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:20:36.0136 3356 BDESVC - ok
17:20:36.0167 3356 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:20:36.0245 3356 Beep - ok
17:20:36.0292 3356 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
17:20:36.0401 3356 BFE - ok
17:20:36.0432 3356 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
17:20:36.0557 3356 BITS - ok
17:20:36.0604 3356 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:20:36.0651 3356 blbdrive - ok
17:20:36.0682 3356 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:20:36.0744 3356 bowser - ok
17:20:36.0776 3356 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:20:36.0869 3356 BrFiltLo - ok
17:20:36.0916 3356 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:20:36.0994 3356 BrFiltUp - ok
17:20:37.0056 3356 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
17:20:37.0181 3356 Browser - ok
17:20:37.0228 3356 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:20:37.0290 3356 Brserid - ok
17:20:37.0322 3356 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:20:37.0368 3356 BrSerWdm - ok
17:20:37.0400 3356 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:20:37.0462 3356 BrUsbMdm - ok
17:20:37.0493 3356 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:20:37.0556 3356 BrUsbSer - ok
17:20:37.0571 3356 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:20:37.0634 3356 BTHMODEM - ok
17:20:37.0696 3356 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:20:37.0774 3356 bthserv - ok
17:20:37.0821 3356 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:20:37.0899 3356 cdfs - ok
17:20:37.0961 3356 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:20:38.0024 3356 cdrom - ok
17:20:38.0055 3356 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:20:38.0148 3356 CertPropSvc - ok
17:20:38.0180 3356 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
17:20:38.0226 3356 circlass - ok
17:20:38.0258 3356 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:20:38.0304 3356 CLFS - ok
17:20:38.0382 3356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:38.0414 3356 clr_optimization_v2.0.50727_32 - ok
17:20:38.0492 3356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:20:38.0523 3356 clr_optimization_v4.0.30319_32 - ok
17:20:38.0523 3356 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:20:38.0585 3356 CmBatt - ok
17:20:38.0616 3356 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:20:38.0648 3356 cmdide - ok
17:20:38.0679 3356 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
17:20:38.0819 3356 CNG - ok
17:20:38.0866 3356 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:20:38.0913 3356 Compbatt - ok
17:20:38.0928 3356 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:20:39.0022 3356 CompositeBus - ok
17:20:39.0038 3356 COMSysApp - ok
17:20:39.0084 3356 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:20:39.0116 3356 crcdisk - ok
17:20:39.0194 3356 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:20:39.0287 3356 CryptSvc - ok
17:20:39.0396 3356 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:20:39.0474 3356 cvhsvc - ok
17:20:39.0521 3356 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:20:39.0630 3356 DcomLaunch - ok
17:20:39.0677 3356 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:20:39.0771 3356 defragsvc - ok
17:20:39.0818 3356 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:20:39.0911 3356 DfsC - ok
17:20:39.0974 3356 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:20:40.0067 3356 Dhcp - ok
17:20:40.0083 3356 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:20:40.0176 3356 discache - ok
17:20:40.0223 3356 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
17:20:40.0254 3356 Disk - ok
17:20:40.0286 3356 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:20:40.0395 3356 Dnscache - ok
17:20:40.0426 3356 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:20:40.0520 3356 dot3svc - ok
17:20:40.0551 3356 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:20:40.0644 3356 DPS - ok
17:20:40.0676 3356 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:20:40.0738 3356 drmkaud - ok
17:20:40.0785 3356 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:20:40.0847 3356 DXGKrnl - ok
17:20:40.0878 3356 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:20:40.0972 3356 EapHost - ok
17:20:41.0097 3356 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
17:20:41.0315 3356 ebdrv - ok
17:20:41.0346 3356 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:20:41.0471 3356 EFS - ok
17:20:41.0549 3356 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:20:41.0627 3356 ehRecvr - ok
17:20:41.0658 3356 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:20:41.0705 3356 ehSched - ok
17:20:41.0752 3356 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:20:41.0814 3356 elxstor - ok
17:20:41.0830 3356 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:20:41.0892 3356 ErrDev - ok
17:20:41.0955 3356 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:20:42.0064 3356 EventSystem - ok
17:20:42.0126 3356 [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
17:20:42.0220 3356 ewusbmbb - ok
17:20:42.0267 3356 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
17:20:42.0360 3356 ew_hwusbdev - ok
17:20:42.0376 3356 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:20:42.0563 3356 exfat - ok
17:20:42.0610 3356 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:20:42.0688 3356 fastfat - ok
17:20:42.0735 3356 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:20:42.0828 3356 Fax - ok
17:20:42.0860 3356 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
17:20:42.0922 3356 fdc - ok
17:20:42.0953 3356 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:20:43.0047 3356 fdPHost - ok
17:20:43.0062 3356 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:20:43.0140 3356 FDResPub - ok
17:20:43.0172 3356 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:20:43.0203 3356 FileInfo - ok
17:20:43.0218 3356 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:20:43.0312 3356 Filetrace - ok
17:20:43.0343 3356 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:20:43.0390 3356 flpydisk - ok
17:20:43.0421 3356 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:20:43.0484 3356 FltMgr - ok
17:20:43.0546 3356 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
17:20:43.0686 3356 FontCache - ok
17:20:43.0733 3356 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:20:43.0764 3356 FontCache3.0.0.0 - ok
17:20:43.0811 3356 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:20:43.0842 3356 FsDepends - ok
17:20:43.0874 3356 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:20:43.0905 3356 Fs_Rec - ok
17:20:43.0952 3356 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:20:43.0998 3356 fvevol - ok
17:20:44.0045 3356 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:20:44.0076 3356 gagp30kx - ok
17:20:44.0154 3356 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
17:20:44.0201 3356 GamesAppService - ok
17:20:44.0248 3356 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:20:44.0342 3356 gpsvc - ok
17:20:44.0373 3356 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:20:44.0482 3356 hcw85cir - ok
17:20:44.0529 3356 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:20:44.0591 3356 HdAudAddService - ok
17:20:44.0638 3356 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:20:44.0685 3356 HDAudBus - ok
17:20:44.0732 3356 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:20:44.0778 3356 HidBatt - ok
17:20:44.0810 3356 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:20:44.0856 3356 HidBth - ok
17:20:44.0903 3356 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:20:44.0966 3356 HidIr - ok
17:20:45.0012 3356 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
17:20:45.0090 3356 hidserv - ok
17:20:45.0153 3356 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:20:45.0215 3356 HidUsb - ok
17:20:45.0246 3356 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:20:45.0309 3356 hkmsvc - ok
17:20:45.0340 3356 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:20:45.0449 3356 HomeGroupListener - ok
17:20:45.0480 3356 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:20:45.0543 3356 HomeGroupProvider - ok
17:20:45.0636 3356 [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
17:20:45.0668 3356 HP Health Check Service - ok
17:20:45.0714 3356 [ DFEC85328A07E518B4DBDF43BBBA5740 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
17:20:45.0746 3356 HPClientSvc - ok
17:20:45.0824 3356 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
17:20:45.0886 3356 hpCMSrv - ok
17:20:45.0948 3356 [ 14E3C3E8434D7F92C0496A1AF8503061 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:20:45.0964 3356 HPDrvMntSvc.exe - ok
17:20:46.0042 3356 [ 33C884A6BDD35F22E3C2BDDC55BC13DE ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
17:20:46.0120 3356 hpqwmiex - ok
17:20:46.0136 3356 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:20:46.0182 3356 HpSAMD - ok
17:20:46.0245 3356 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:20:46.0260 3356 HPWMISVC - ok
17:20:46.0323 3356 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:20:46.0401 3356 HTTP - ok
17:20:46.0448 3356 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
17:20:46.0510 3356 huawei_enumerator - ok
17:20:46.0557 3356 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:20:46.0635 3356 hwdatacard - ok
17:20:46.0728 3356 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
17:20:46.0775 3356 HWDeviceService.exe - ok
17:20:46.0806 3356 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:20:46.0838 3356 hwpolicy - ok
17:20:46.0884 3356 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:20:46.0947 3356 i8042prt - ok
17:20:47.0025 3356 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:20:47.0056 3356 iaStor - ok
17:20:47.0118 3356 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:20:47.0134 3356 IAStorDataMgrSvc - ok
17:20:47.0196 3356 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:20:47.0243 3356 iaStorV - ok
17:20:47.0321 3356 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:20:47.0415 3356 idsvc - ok
17:20:47.0586 3356 [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:20:47.0867 3356 igfx - ok
17:20:47.0914 3356 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:20:47.0945 3356 iirsp - ok
17:20:48.0008 3356 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:20:48.0117 3356 IKEEXT - ok
17:20:48.0179 3356 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:20:48.0210 3356 intelide - ok
17:20:48.0257 3356 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:20:48.0304 3356 intelppm - ok
17:20:48.0335 3356 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:20:48.0413 3356 IPBusEnum - ok
17:20:48.0476 3356 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:48.0554 3356 IpFilterDriver - ok
17:20:48.0616 3356 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:20:48.0710 3356 iphlpsvc - ok
17:20:48.0741 3356 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:20:48.0772 3356 IPMIDRV - ok
17:20:48.0819 3356 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:20:48.0897 3356 IPNAT - ok
17:20:48.0928 3356 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:20:49.0006 3356 IRENUM - ok
17:20:49.0037 3356 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:20:49.0068 3356 isapnp - ok
17:20:49.0100 3356 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:20:49.0146 3356 iScsiPrt - ok
17:20:49.0193 3356 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:20:49.0224 3356 kbdclass - ok
17:20:49.0318 3356 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:20:49.0365 3356 kbdhid - ok
17:20:49.0396 3356 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:20:49.0427 3356 KeyIso - ok
17:20:49.0458 3356 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:20:49.0505 3356 KSecDD - ok
17:20:49.0536 3356 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:20:49.0568 3356 KSecPkg - ok
17:20:49.0614 3356 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:20:49.0708 3356 KtmRm - ok
17:20:49.0770 3356 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
17:20:49.0880 3356 LanmanServer - ok
17:20:49.0926 3356 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:20:50.0020 3356 LanmanWorkstation - ok
17:20:50.0067 3356 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:20:50.0160 3356 lltdio - ok
17:20:50.0192 3356 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:20:50.0285 3356 lltdsvc - ok
17:20:50.0332 3356 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:20:50.0410 3356 lmhosts - ok
17:20:50.0472 3356 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:20:50.0519 3356 LSI_FC - ok
17:20:50.0550 3356 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:20:50.0597 3356 LSI_SAS - ok
17:20:50.0613 3356 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:20:50.0644 3356 LSI_SAS2 - ok
17:20:50.0660 3356 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:20:50.0706 3356 LSI_SCSI - ok
17:20:50.0753 3356 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:20:50.0831 3356 luafv - ok
17:20:50.0894 3356 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:20:50.0925 3356 MBAMProtector - ok
17:20:50.0987 3356 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:20:51.0034 3356 MBAMScheduler - ok
17:20:51.0096 3356 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:51.0143 3356 MBAMService - ok
17:20:51.0190 3356 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:20:51.0237 3356 Mcx2Svc - ok
17:20:51.0268 3356 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
17:20:51.0299 3356 megasas - ok
17:20:51.0362 3356 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:20:51.0393 3356 MegaSR - ok
17:20:51.0440 3356 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:20:51.0533 3356 MMCSS - ok
17:20:51.0611 3356 [ 60AC73EB57682F361E07AE26A62DFD6A ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
17:20:51.0642 3356 Mobile Partner. RunOuc - ok
17:20:51.0674 3356 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:20:51.0767 3356 Modem - ok
17:20:51.0814 3356 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:20:51.0861 3356 monitor - ok
17:20:51.0908 3356 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:20:51.0939 3356 mouclass - ok
17:20:51.0970 3356 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
17:20:52.0017 3356 mouhid - ok
17:20:52.0048 3356 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:20:52.0079 3356 mountmgr - ok
17:20:52.0157 3356 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:20:52.0204 3356 MozillaMaintenance - ok
17:20:52.0251 3356 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:20:52.0282 3356 mpio - ok
17:20:52.0313 3356 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:20:52.0391 3356 mpsdrv - ok
17:20:52.0438 3356 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:20:52.0578 3356 MpsSvc - ok
17:20:52.0610 3356 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:20:52.0656 3356 MRxDAV - ok
17:20:52.0703 3356 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:52.0781 3356 mrxsmb - ok
17:20:52.0812 3356 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:52.0859 3356 mrxsmb10 - ok
17:20:52.0890 3356 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:52.0953 3356 mrxsmb20 - ok
17:20:52.0984 3356 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:20:53.0015 3356 msahci - ok
17:20:53.0046 3356 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:20:53.0093 3356 msdsm - ok
17:20:53.0124 3356 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:20:53.0171 3356 MSDTC - ok
17:20:53.0234 3356 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:20:53.0296 3356 Msfs - ok
17:20:53.0327 3356 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:20:53.0405 3356 mshidkmdf - ok
17:20:53.0421 3356 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:20:53.0468 3356 msisadrv - ok
17:20:53.0514 3356 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:20:53.0592 3356 MSiSCSI - ok
17:20:53.0608 3356 msiserver - ok
17:20:53.0655 3356 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:20:53.0733 3356 MSKSSRV - ok
17:20:53.0764 3356 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:53.0842 3356 MSPCLOCK - ok
17:20:53.0873 3356 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:20:53.0951 3356 MSPQM - ok
17:20:53.0982 3356 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:20:54.0029 3356 MsRPC - ok
17:20:54.0060 3356 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:20:54.0092 3356 mssmbios - ok
17:20:54.0138 3356 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:20:54.0201 3356 MSTEE - ok
17:20:54.0232 3356 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:20:54.0294 3356 MTConfig - ok
17:20:54.0310 3356 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:20:54.0341 3356 Mup - ok
17:20:54.0404 3356 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:20:54.0497 3356 napagent - ok
17:20:54.0560 3356 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:20:54.0622 3356 NativeWifiP - ok
17:20:54.0669 3356 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:20:54.0731 3356 NDIS - ok
17:20:54.0778 3356 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:20:54.0856 3356 NdisCap - ok
17:20:54.0887 3356 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:54.0965 3356 NdisTapi - ok
17:20:55.0028 3356 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:55.0106 3356 Ndisuio - ok
17:20:55.0137 3356 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:55.0215 3356 NdisWan - ok
17:20:55.0246 3356 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:20:55.0308 3356 NDProxy - ok
17:20:55.0355 3356 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:20:55.0418 3356 NetBIOS - ok
17:20:55.0449 3356 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:20:55.0527 3356 NetBT - ok
17:20:55.0574 3356 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:20:55.0620 3356 Netlogon - ok
17:20:55.0667 3356 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:20:55.0761 3356 Netman - ok
17:20:55.0776 3356 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:20:55.0886 3356 netprofm - ok
17:20:55.0979 3356 [ CF1F01AB1A9571520044F6A6E01817B6 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
17:20:56.0057 3356 netr28 - ok
17:20:56.0073 3356 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:56.0120 3356 NetTcpPortSharing - ok
17:20:56.0151 3356 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:20:56.0182 3356 nfrd960 - ok
17:20:56.0229 3356 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:20:56.0322 3356 NlaSvc - ok
17:20:56.0354 3356 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:20:56.0432 3356 Npfs - ok
17:20:56.0463 3356 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:20:56.0556 3356 nsi - ok
17:20:56.0572 3356 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:20:56.0650 3356 nsiproxy - ok
17:20:56.0728 3356 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:20:56.0806 3356 Ntfs - ok
17:20:56.0853 3356 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:20:56.0931 3356 Null - ok
17:20:57.0009 3356 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
17:20:57.0149 3356 NVENETFD - ok
17:20:57.0196 3356 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:20:57.0243 3356 nvraid - ok
17:20:57.0274 3356 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:20:57.0321 3356 nvstor - ok
17:20:57.0368 3356 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:20:57.0399 3356 nv_agp - ok
17:20:57.0446 3356 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:20:57.0492 3356 ohci1394 - ok
17:20:57.0524 3356 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:57.0570 3356 ose - ok
17:20:57.0742 3356 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:20:58.0054 3356 osppsvc - ok
17:20:58.0148 3356 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:20:58.0241 3356 p2pimsvc - ok
17:20:58.0304 3356 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:20:58.0350 3356 p2psvc - ok
17:20:58.0397 3356 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
17:20:58.0428 3356 Parport - ok
17:20:58.0460 3356 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:20:58.0506 3356 partmgr - ok
17:20:58.0538 3356 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:20:58.0569 3356 Parvdm - ok
17:20:58.0616 3356 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:20:58.0678 3356 PcaSvc - ok
17:20:58.0709 3356 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:20:58.0772 3356 pci - ok
17:20:58.0803 3356 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:20:58.0850 3356 pciide - ok
17:20:58.0881 3356 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:20:58.0928 3356 pcmcia - ok
17:20:58.0959 3356 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:20:58.0990 3356 pcw - ok
17:20:59.0052 3356 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:20:59.0162 3356 PEAUTH - ok
17:20:59.0318 3356 [ BC52ABFF6DF2BEFA45CC11D67CCC72E8 ] PGP RDD Service C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
17:20:59.0442 3356 PGP RDD Service - ok
17:20:59.0505 3356 [ C99051151DF347A5E49325117E4D48AE ] PGPdisk C:\Windows\system32\drivers\PGPdisk.sys
17:20:59.0552 3356 PGPdisk - ok
17:20:59.0598 3356 [ BB16B49FA7AEAC2D634A5954018A94AD ] pgpfs C:\Windows\system32\Drivers\PGPfsfd.sys
17:20:59.0630 3356 pgpfs - ok
17:20:59.0692 3356 [ 7D1F2A3CD5EC30FC6D59FB6DC1EC3447 ] PGPsdkDriver C:\Windows\system32\Drivers\PGPsdk.sys
17:20:59.0723 3356 PGPsdkDriver - ok
17:20:59.0754 3356 [ B758FFFB71DB863FF831E968546025E4 ] PGPwded C:\Windows\system32\drivers\PGPwded.sys
17:20:59.0801 3356 PGPwded - ok
17:20:59.0832 3356 [ D1F77E5F123A5C961554A31A1F8AB213 ] Pgpwdefs C:\Windows\system32\DRIVERS\Pgpwdefs.sys
17:20:59.0864 3356 Pgpwdefs - ok
17:20:59.0926 3356 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:21:00.0066 3356 pla - ok
17:21:00.0113 3356 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:21:00.0191 3356 PlugPlay - ok
17:21:00.0238 3356 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:21:00.0285 3356 PNRPAutoReg - ok
17:21:00.0316 3356 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:21:00.0378 3356 PNRPsvc - ok
17:21:00.0425 3356 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:21:00.0519 3356 PolicyAgent - ok
17:21:00.0581 3356 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:21:00.0675 3356 Power - ok
17:21:00.0706 3356 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:21:00.0800 3356 PptpMiniport - ok
17:21:00.0846 3356 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
17:21:00.0893 3356 Processor - ok
17:21:00.0971 3356 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:21:01.0096 3356 ProfSvc - ok
17:21:01.0127 3356 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:21:01.0174 3356 ProtectedStorage - ok
17:21:01.0221 3356 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:21:01.0299 3356 Psched - ok
17:21:01.0377 3356 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:21:01.0470 3356 ql2300 - ok
17:21:01.0517 3356 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:21:01.0564 3356 ql40xx - ok
17:21:01.0595 3356 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:21:01.0689 3356 QWAVE - ok
17:21:01.0720 3356 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:21:01.0767 3356 QWAVEdrv - ok
17:21:01.0798 3356 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:21:01.0923 3356 RasAcd - ok
17:21:01.0970 3356 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:02.0048 3356 RasAgileVpn - ok
17:21:02.0094 3356 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:21:02.0172 3356 RasAuto - ok
17:21:02.0219 3356 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:02.0313 3356 Rasl2tp - ok
17:21:02.0360 3356 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:21:02.0469 3356 RasMan - ok
17:21:02.0500 3356 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:02.0594 3356 RasPppoe - ok
17:21:02.0640 3356 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:21:02.0718 3356 RasSstp - ok
17:21:02.0765 3356 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:21:02.0859 3356 rdbss - ok
17:21:02.0906 3356 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:21:02.0952 3356 rdpbus - ok
17:21:02.0984 3356 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:03.0077 3356 RDPCDD - ok
17:21:03.0124 3356 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:21:03.0218 3356 RDPENCDD - ok
17:21:03.0249 3356 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:21:03.0327 3356 RDPREFMP - ok
17:21:03.0389 3356 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:21:03.0561 3356 RDPWD - ok
17:21:03.0623 3356 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:21:03.0670 3356 rdyboost - ok
17:21:03.0717 3356 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:21:03.0795 3356 RemoteAccess - ok
17:21:03.0826 3356 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:21:03.0920 3356 RemoteRegistry - ok
17:21:03.0951 3356 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:21:04.0044 3356 RpcEptMapper - ok
17:21:04.0076 3356 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:21:04.0154 3356 RpcLocator - ok
17:21:04.0185 3356 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
17:21:04.0263 3356 RpcSs - ok
17:21:04.0310 3356 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:21:04.0388 3356 rspndr - ok
17:21:04.0434 3356 [ C5ACB4D2CA623F678257B0844BD1AC8A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:21:04.0466 3356 RSUSBSTOR - ok
17:21:04.0528 3356 [ 60647BFA2FEF7F6D6FBBAF661312F2CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
17:21:04.0559 3356 RTL8167 - ok
17:21:04.0590 3356 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:21:04.0622 3356 SamSs - ok
17:21:04.0653 3356 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:21:04.0700 3356 sbp2port - ok
17:21:04.0746 3356 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:21:04.0824 3356 SCardSvr - ok
17:21:04.0871 3356 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:21:04.0949 3356 scfilter - ok
17:21:04.0996 3356 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:21:05.0090 3356 Schedule - ok
17:21:05.0121 3356 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:21:05.0199 3356 SCPolicySvc - ok
17:21:05.0246 3356 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:21:05.0292 3356 sdbus - ok
17:21:05.0324 3356 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:21:05.0433 3356 SDRSVC - ok
17:21:05.0464 3356 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:21:05.0511 3356 SeaPort - ok
17:21:05.0526 3356 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:21:05.0620 3356 secdrv - ok
17:21:05.0651 3356 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:21:05.0745 3356 seclogon - ok
17:21:05.0776 3356 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
17:21:05.0870 3356 SENS - ok
17:21:05.0901 3356 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:21:06.0010 3356 SensrSvc - ok
17:21:06.0041 3356 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:21:06.0088 3356 Serenum - ok
17:21:06.0119 3356 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
17:21:06.0182 3356 Serial - ok
17:21:06.0197 3356 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:21:06.0244 3356 sermouse - ok
17:21:06.0291 3356 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:21:06.0384 3356 SessionEnv - ok
17:21:06.0431 3356 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:21:06.0478 3356 sffdisk - ok
17:21:06.0509 3356 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:21:06.0540 3356 sffp_mmc - ok
17:21:06.0556 3356 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:21:06.0618 3356 sffp_sd - ok
17:21:06.0665 3356 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:21:06.0696 3356 sfloppy - ok
17:21:06.0774 3356 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:21:06.0837 3356 Sftfs - ok
17:21:06.0899 3356 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
17:21:06.0946 3356 sftlist - ok
17:21:06.0977 3356 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:21:07.0008 3356 Sftplay - ok
17:21:07.0040 3356 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:21:07.0055 3356 Sftredir - ok
17:21:07.0102 3356 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:21:07.0133 3356 Sftvol - ok
17:21:07.0164 3356 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
17:21:07.0196 3356 sftvsa - ok
17:21:07.0242 3356 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:21:07.0336 3356 SharedAccess - ok
17:21:07.0383 3356 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:21:07.0476 3356 ShellHWDetection - ok
17:21:07.0554 3356 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:21:07.0601 3356 sisagp - ok
17:21:07.0648 3356 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:21:07.0695 3356 SiSRaid2 - ok
17:21:07.0742 3356 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:21:07.0788 3356 SiSRaid4 - ok
17:21:08.0007 3356 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:21:08.0085 3356 SkypeUpdate - ok
17:21:08.0116 3356 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:21:08.0225 3356 Smb - ok
17:21:08.0303 3356 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:21:08.0366 3356 SNMPTRAP - ok
17:21:08.0397 3356 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:21:08.0444 3356 spldr - ok
17:21:08.0506 3356 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
17:21:08.0600 3356 Spooler - ok
17:21:08.0724 3356 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:21:08.0958 3356 sppsvc - ok
17:21:09.0005 3356 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:21:09.0114 3356 sppuinotify - ok
17:21:09.0161 3356 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:21:09.0270 3356 srv - ok
17:21:09.0317 3356 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:21:09.0380 3356 srv2 - ok
17:21:09.0426 3356 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:21:09.0489 3356 SrvHsfHDA - ok
17:21:09.0551 3356 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:21:09.0629 3356 SrvHsfV92 - ok
17:21:09.0676 3356 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:21:09.0738 3356 SrvHsfWinac - ok
17:21:09.0785 3356 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:21:09.0848 3356 srvnet - ok
17:21:09.0894 3356 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:21:10.0004 3356 SSDPSRV - ok
17:21:10.0035 3356 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:21:10.0066 3356 ssmdrv - ok
17:21:10.0113 3356 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:21:10.0222 3356 SstpSvc - ok
17:21:10.0331 3356 [ BCECD93FA0F24D457C662F73A9A1A331 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
17:21:10.0394 3356 STacSV - ok
17:21:10.0425 3356 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:21:10.0472 3356 stexstor - ok
17:21:10.0581 3356 [ F5B7B248B27C35D1B1C8FC19D65B25C9 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
17:21:10.0674 3356 STHDA - ok
17:21:10.0752 3356 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:21:10.0862 3356 StiSvc - ok
17:21:10.0924 3356 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:21:10.0971 3356 swenum - ok
17:21:11.0049 3356 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:21:11.0142 3356 swprv - ok
17:21:11.0298 3356 [ 117A34031CDFE4682B07D5548A9A9C95 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:21:11.0423 3356 SynTP - ok
17:21:11.0579 3356 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:21:11.0720 3356 SysMain - ok
17:21:11.0766 3356 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:21:11.0844 3356 TabletInputService - ok
17:21:11.0922 3356 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:21:12.0047 3356 TapiSrv - ok
17:21:12.0094 3356 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:21:12.0219 3356 TBS - ok
17:21:12.0328 3356 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:21:12.0422 3356 Tcpip - ok
17:21:12.0484 3356 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:21:12.0609 3356 TCPIP6 - ok
17:21:12.0671 3356 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:21:12.0765 3356 tcpipreg - ok
17:21:12.0780 3356 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:21:12.0858 3356 TDPIPE - ok
17:21:12.0905 3356 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:21:12.0952 3356 TDTCP - ok
17:21:12.0983 3356 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:21:13.0061 3356 tdx - ok
17:21:13.0092 3356 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:21:13.0124 3356 TermDD - ok
17:21:13.0170 3356 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
17:21:13.0295 3356 TermService - ok
17:21:13.0326 3356 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:21:13.0420 3356 Themes - ok
17:21:13.0451 3356 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:21:13.0576 3356 THREADORDER - ok
17:21:13.0638 3356 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:21:13.0779 3356 TrkWks - ok
17:21:13.0872 3356 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:21:14.0013 3356 TrustedInstaller - ok
17:21:14.0075 3356 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:14.0216 3356 tssecsrv - ok
17:21:14.0247 3356 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:21:14.0325 3356 TsUsbFlt - ok
17:21:14.0356 3356 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:21:14.0434 3356 TsUsbGD - ok
17:21:14.0465 3356 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:21:14.0543 3356 tunnel - ok
17:21:14.0559 3356 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:21:14.0621 3356 uagp35 - ok
17:21:14.0668 3356 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:21:14.0793 3356 udfs - ok
17:21:14.0855 3356 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:21:14.0918 3356 UI0Detect - ok
17:21:14.0964 3356 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:21:15.0027 3356 uliagpkx - ok
17:21:15.0089 3356 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:21:15.0136 3356 umbus - ok
17:21:15.0183 3356 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
17:21:15.0261 3356 UmPass - ok
17:21:15.0370 3356 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:21:15.0526 3356 upnphost - ok
17:21:15.0604 3356 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:21:15.0666 3356 usbaudio - ok
17:21:15.0744 3356 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:15.0822 3356 usbccgp - ok
17:21:15.0916 3356 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:21:15.0994 3356 usbcir - ok
17:21:16.0010 3356 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:21:16.0088 3356 usbehci - ok
17:21:16.0150 3356 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys
17:21:16.0212 3356 usbhub - ok
17:21:16.0244 3356 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:21:16.0322 3356 usbohci - ok
17:21:16.0368 3356 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:21:16.0431 3356 usbprint - ok
17:21:16.0446 3356 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:16.0602 3356 USBSTOR - ok
17:21:16.0634 3356 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:16.0680 3356 usbuhci - ok
17:21:16.0758 3356 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:21:16.0852 3356 usbvideo - ok
17:21:16.0883 3356 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:21:16.0977 3356 UxSms - ok
17:21:17.0008 3356 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
17:21:17.0070 3356 VaultSvc - ok
17:21:17.0117 3356 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:21:17.0164 3356 vdrvroot - ok
17:21:17.0242 3356 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
17:21:17.0367 3356 vds - ok
17:21:17.0414 3356 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:17.0476 3356 vga - ok
17:21:17.0492 3356 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:21:17.0585 3356 VgaSave - ok
17:21:17.0601 3356 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:21:17.0663 3356 vhdmp - ok
17:21:17.0679 3356 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:21:17.0726 3356 viaagp - ok
17:21:17.0757 3356 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:21:17.0804 3356 ViaC7 - ok
17:21:17.0835 3356 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:21:17.0866 3356 viaide - ok
17:21:17.0897 3356 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:21:17.0928 3356 volmgr - ok
17:21:17.0960 3356 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:21:18.0006 3356 volmgrx - ok
17:21:18.0038 3356 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:21:18.0100 3356 volsnap - ok
17:21:18.0131 3356 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:21:18.0178 3356 vsmraid - ok
17:21:18.0256 3356 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
17:21:18.0381 3356 VSS - ok
17:21:18.0412 3356 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:18.0474 3356 vwifibus - ok
17:21:18.0506 3356 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:18.0568 3356 vwififlt - ok
17:21:18.0599 3356 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:21:18.0708 3356 W32Time - ok
17:21:18.0755 3356 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:21:18.0849 3356 WacomPen - ok
17:21:18.0911 3356 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:21:19.0020 3356 WANARP - ok
17:21:19.0036 3356 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:21:19.0130 3356 Wanarpv6 - ok
17:21:19.0208 3356 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
17:21:19.0364 3356 wbengine - ok
17:21:19.0426 3356 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:21:19.0520 3356 WbioSrvc - ok
17:21:19.0551 3356 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:21:19.0613 3356 wcncsvc - ok
17:21:19.0644 3356 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:21:19.0722 3356 WcsPlugInService - ok
17:21:19.0754 3356 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
17:21:19.0785 3356 Wd - ok
17:21:19.0816 3356 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:21:19.0878 3356 Wdf01000 - ok
17:21:19.0894 3356 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:21:20.0003 3356 WdiServiceHost - ok
17:21:20.0034 3356 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:21:20.0097 3356 WdiSystemHost - ok
17:21:20.0144 3356 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
17:21:20.0222 3356 WebClient - ok
17:21:20.0253 3356 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:21:20.0362 3356 Wecsvc - ok
17:21:20.0409 3356 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:21:20.0502 3356 wercplsupport - ok
17:21:20.0534 3356 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:21:20.0627 3356 WerSvc - ok
17:21:20.0643 3356 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:20.0721 3356 WfpLwf - ok
17:21:20.0752 3356 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:21:20.0783 3356 WIMMount - ok
17:21:20.0861 3356 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:21:20.0939 3356 WinDefend - ok
17:21:20.0955 3356 WinHttpAutoProxySvc - ok
17:21:21.0033 3356 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:21:21.0111 3356 Winmgmt - ok
17:21:21.0173 3356 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:21:21.0283 3356 WinRM - ok
17:21:21.0329 3356 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:21:21.0392 3356 WinUsb - ok
17:21:21.0439 3356 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:21:21.0532 3356 Wlansvc - ok
17:21:21.0610 3356 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:21:21.0641 3356 wlcrasvc - ok
17:21:21.0782 3356 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:21:21.0907 3356 wlidsvc - ok
17:21:21.0953 3356 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:21:22.0000 3356 WmiAcpi - ok
17:21:22.0063 3356 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:21:22.0109 3356 wmiApSrv - ok
17:21:22.0203 3356 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:21:22.0312 3356 WMPNetworkSvc - ok
17:21:22.0359 3356 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:21:22.0453 3356 WPCSvc - ok
17:21:22.0468 3356 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:21:22.0546 3356 WPDBusEnum - ok
17:21:22.0593 3356 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:21:22.0687 3356 ws2ifsl - ok
17:21:22.0733 3356 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
17:21:22.0780 3356 wscsvc - ok
17:21:22.0796 3356 WSearch - ok
17:21:22.0889 3356 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:21:23.0014 3356 wuauserv - ok
17:21:23.0045 3356 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:21:23.0123 3356 WudfPf - ok
17:21:23.0186 3356 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:23.0279 3356 WUDFRd - ok
17:21:23.0311 3356 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:21:23.0389 3356 wudfsvc - ok
17:21:23.0420 3356 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:21:23.0482 3356 WwanSvc - ok
17:21:23.0560 3356 ================ Scan global ===============================
17:21:23.0607 3356 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:21:23.0669 3356 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:21:23.0685 3356 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:21:23.0732 3356 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:21:23.0779 3356 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:21:23.0794 3356 [Global] - ok
17:21:23.0794 3356 ================ Scan MBR ==================================
17:21:23.0810 3356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:21:24.0184 3356 \Device\Harddisk0\DR0 - ok
17:21:24.0200 3356 ================ Scan VBR ==================================
17:21:24.0200 3356 [ CEF8EF960C20789183F73F013AC2B460 ] \Device\Harddisk0\DR0\Partition1
17:21:24.0215 3356 \Device\Harddisk0\DR0\Partition1 - ok
17:21:24.0231 3356 [ 8D9FE105D7A5BC2AAA9C178E5AB30AFF ] \Device\Harddisk0\DR0\Partition2
17:21:24.0231 3356 \Device\Harddisk0\DR0\Partition2 - ok
17:21:24.0278 3356 [ F9F2C324519508919E66E1AD7455FC4A ] \Device\Harddisk0\DR0\Partition3
17:21:24.0278 3356 \Device\Harddisk0\DR0\Partition3 - ok
17:21:24.0293 3356 [ B021D615C61C56C2F157F9BC1867EA54 ] \Device\Harddisk0\DR0\Partition4
17:21:24.0309 3356 \Device\Harddisk0\DR0\Partition4 - ok
17:21:24.0309 3356 ============================================================
17:21:24.0309 3356 Scan finished
17:21:24.0309 3356 ============================================================
17:21:24.0356 4544 Detected object count: 0
17:21:24.0356 4544 Actual detected object count: 0
|
|
22.02.2013, 17:35
| #6 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Immer mit der Ruhe. Scan mit Combofix
__________________ --> Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt |
|
22.02.2013, 18:44
| #7 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Ok, habe ich gemacht! Ich musste zwischenzeitlich doch mal den Maus Kursor bewegen, um Acrobat weg zuklicken, das sich genau jetzt updaten wollte. Ausserdem hatte ich Probleme, aus dem Admin Account wieder zurück in den Benutzer Accounnt zu kommen (gehe immer nur mit Benutzer Account ins Netz). Nach einem 2. Neustart ging es dann aber und sonst hat alles geklappt Code:
ATTFilter ComboFix 13-02-22.01 - Admin 22.02.2013 17:52:00.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1012.215 [GMT 1:00]
ausgeführt von:: c:\users\Yamanthanka\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-22 bis 2013-02-22 ))))))))))))))))))))))))))))))
.
.
2013-02-22 17:08 . 2013-02-22 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-22 14:55 . 2013-02-22 14:55 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA46354-17B4-4AE1-AF3E-513C14494DB7}\offreg.dll
2013-02-22 14:45 . 2013-02-22 14:45 -------- d-----w- c:\users\Admin\AppData\Roaming\PGP Corporation
2013-02-22 14:45 . 2013-02-22 14:45 -------- d-----w- c:\users\Admin\AppData\Local\PGP Corporation
2013-02-22 13:10 . 2013-02-22 13:10 -------- d-----w- c:\users\Yamanthanka\AppData\Roaming\Malwarebytes
2013-02-22 11:20 . 2013-02-22 11:20 388096 ----a-r- c:\users\Yamanthanka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-22 11:20 . 2013-02-22 11:20 -------- d-----w- c:\program files\Trend Micro
2013-02-22 10:38 . 2013-02-22 10:38 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-02-22 10:38 . 2013-02-22 10:38 -------- d-----w- c:\programdata\Malwarebytes
2013-02-22 10:38 . 2013-02-22 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-22 10:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 10:37 . 2013-02-22 10:37 -------- d-----w- c:\users\Admin\AppData\Local\Programs
2013-02-21 10:28 . 2013-02-21 10:28 -------- d-----r- c:\users\Yamanthanka\AppData\Roaming\Brother
2013-02-20 09:11 . 2013-02-20 09:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-02-14 22:15 . 2013-02-14 22:15 -------- d-----w- c:\users\Yamanthanka\AppData\Local\FreeOCR
2013-02-14 21:59 . 2007-03-10 08:11 2680320 ----a-w- c:\windows\system32\ImageEnXLibrary.ocx
2013-02-14 21:58 . 2013-02-22 11:56 -------- d-----w- C:\FreeOCR
2013-02-14 21:55 . 2013-02-14 21:55 -------- d-----w- c:\program files\Temp
2013-02-14 21:21 . 2013-02-14 21:21 -------- d-----w- c:\users\Admin\AppData\Local\CrashDumps
2013-02-14 21:19 . 2013-02-20 09:13 -------- d-----w- c:\program files\SimpleOCR
2013-02-14 13:18 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA46354-17B4-4AE1-AF3E-513C14494DB7}\mpengine.dll
2013-02-14 13:10 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 13:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 13:10 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 13:10 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 13:10 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 13:09 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-02 12:12 . 2013-02-02 12:12 -------- d-----w- c:\users\Yamanthanka\AppData\Roaming\elsterformular
2013-02-02 12:11 . 2013-02-02 12:11 -------- d-----w- c:\programdata\elsterformular
2013-02-02 12:09 . 2013-02-02 12:09 -------- d-----w- c:\program files\ElsterFormular
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:48 . 2012-07-03 07:20 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:48 . 2012-01-12 11:56 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2012-03-14 16:11 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-21 09:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-29 12:49 . 2012-08-17 11:13 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-29 12:49 . 2011-07-15 20:08 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 14:13 . 2013-01-21 10:22 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-21 10:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-02-13 07:49 . 2012-01-08 17:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2012-03-22 23:23 1194544 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\users\Yamanthanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PGP Tray.lnk - c:\windows\Installer\{7FF02DA5-208C-4498-B55A-AD23E0E76136}\Icon6560581611.exe [2012-5-25 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli PGPpwflt
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 48967645
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - 48967645
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 15:48]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: c:\windows\system32\PGPlsp.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-22 18:14:22
ComboFix-quarantined-files.txt 2013-02-22 17:14
.
Vor Suchlauf: 10 Verzeichnis(se), 254.359.142.400 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 254.849.470.464 Bytes frei
.
- - End Of File - - 3477779715738A8D72E957C17F1ABA72
|
|
22.02.2013, 19:26
| #8 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt hi,Hi, hast du funkmaus oder funktastatur? lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.02.2013, 19:49
| #9 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Hallo, ich benutze nur mein Mauspad und Laptoptastatur. Hier die Liste: Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.02.2013 6,00MB 11.5.502.149 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 6,00MB 11.5.502.149 unbekannt Adobe Reader X (10.1.5) MUI Adobe Systems Incorporated 16.01.2013 565MB 10.1.5 notwendig Adobe Shockwave Player 11.5 Adobe Systems, Inc. 26.06.2011 11.5.9.620 unbekannt Avira Free Antivirus Avira 15.11.2012 109MB 12.1.9.1236 notwendig Bing Bar Microsoft Corporation 26.06.2011 24,4MB 7.0.610.0 unbekannt CCleaner Piriform 23.01.2013 3.27 unbekannt ElsterFormular Landesfinanzdirektion Thüringen 02.02.2013 187MB 14.0.0.10960 notwendig Energy Star Digital Logo Hewlett-Packard 26.06.2011 300KB 1.0.1 unbekannt Evernote v. 4.2.2 Evernote Corp. 15.07.2011 139MB 4.2.2.3979 unbekannt FreeOCR v4.2 14.02.2013 36,9MB unnötig HP Camera ArcSoft 26.06.2011 89,9MB 3.2.3.132 unbekannt HP Connection Manager Hewlett-Packard Company 26.06.2011 33,2MB 4.0.45.1 unbekannt HP Documentation Hewlett-Packard 15.07.2011 455MB 1.2.0.0 unbekannt HP Games WildTangent 26.06.2011 1.0.2.4 unbekannt HP On Screen Display Hewlett-Packard Company 15.07.2011 1,43MB 1.1.2 unbekannt HP Power Manager Hewlett-Packard Company 26.06.2011 3,61MB 1.2.3 unbekannt HP Quick Launch Hewlett-Packard Company 15.07.2011 7,14MB 2.3.6 unbekannt HP QuickWeb Hewlett-Packard Company 26.06.2011 4,35MB 3.0.1.9280 unbekannt HP Setup Hewlett-Packard Company 15.07.2011 8.6.4530.3651 unbekannt HP Setup Manager Hewlett-Packard Company 26.06.2011 8,30MB 1.1.13253.3682 unbekannt HP Software Framework Hewlett-Packard Company 15.07.2011 2,81MB 4.0.111.1 unbekannt HP Support Assistant 15.07.2011 notwendig IDT Audio IDT 26.06.2011 1.0.6351.0 unbekannt Intel(R) Control Center Intel Corporation 26.06.2011 1.2.1.1007 unbekannt Intel(R) Graphics Media Accelerator Driver Intel Corporation 26.06.2011 54,2MB 8.14.10.2230 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 26.06.2011 10.1.0.1008 unbekannt IrfanView (remove only) Irfan Skiljan 13.02.2012 1,50MB 4.32 notwendig Java 7 Update 11 Oracle 29.12.2012 128MB 7.0.110 notwendig Java(TM) 6 Update 22 Oracle 10.01.2012 97,0MB 6.0.220 Java(TM) 6 Update 27 Oracle 17.08.2012 97,0MB 6.0.270 JavaFX 2.1.1 Oracle Corporation 17.08.2012 20,8MB 2.1.1 unbekannt Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 22.02.2013 18,4MB 1.70.0.1100 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.01.2012 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.01.2012 2,93MB 4.0.30319 unbekannt Microsoft Office 2010 Microsoft Corporation 15.07.2011 6,31MB 14.0.4763.1000 nötig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 09.01.2012 14.0.4763.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 09.01.2012 14.0.5128.5002 notwendig Microsoft PowerPoint Viewer Microsoft Corporation 21.01.2013 158MB 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 04.07.2012 80,3MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 15.07.2011 1,69MB 3.1.0000 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 15.07.2011 596KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.06.2011 592KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10.01.2012 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.03.2012 12,2MB 10.0.40219 unbekannt Mobile Partner Huawei Technologies Co.,Ltd 07.01.2012 21.005.15.02.382 notwendig Mozilla Firefox 10.0.1 (x86 de) Mozilla 13.02.2012 39,7MB 10.0.1 notwendig Mozilla Maintenance Service Mozilla 18.01.2013 217KB 17.0.2 Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 18.01.2013 41,9MB 17.0.2 OpenOffice.org 3.3 OpenOffice.org 10.01.2012 412MB 3.3.9567 notwendig PDF24 Creator 5.2.0 PDF24.org 20.12.2012 41,4MB notwendig PGP Desktop PGP Corporation 25.05.2012 77,2MB 10.2.0.2599 notwendig Ralink RT5390 802.11b/g/n WiFi Adapter Ralink 26.06.2011 3.01.16.1 unbekannt Realtek Ethernet Controller Driver Realtek 26.06.2011 7.34.1130.2010 unbekannt Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 26.06.2011 6.1.7600.30127 unbekannt Skype Click to Call Skype Technologies S.A. 16.01.2012 12,4MB 5.8.8855 unbekannt Skype™ 5.10 Skype Technologies S.A. 21.01.2013 19,3MB 5.10.116 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 26.06.2011 46,4MB 15.2.18.0 unbekannt Windows Live Essentials Microsoft Corporation 15.07.2011 15.4.3555.0308 unnötig Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 15.07.2011 5,57MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 15.07.2011 5,57MB 15.4.5722.2 unbekannt |
|
22.02.2013, 20:17
| #10 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Adobe Shockwave Bing Evernote FreeOCR Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren Mozilla Firefox : öffnen, hilfe, update, version 18 ist aktuell Windows Live : alle für dich unnötigen Die tasten vom tachpad sind auch alle ok, keine hängt irgendwie? öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.02.2013, 12:15
| #11 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Danke für die Anleitung, ich habe alles so gemacht. Hat soweit gut geklappt!  Java: Habe alles deinstalliert und neuinstalliert. Mit dem Update von Java hatte ich vorher immer ein Problem. Habe immer eine Fehlermeldung bekommen, wenn ich die automatisch heruntergeladenen updates installieren wollte. Kann ich da irgendwas gegen tun? Mozilla: Habe ich so upgedated, wie Du geschrieben hast. Allerdings ist jetzt nur Version 17.0.1 drauf, nicht 18. Soll ich Version 18 (z.B über Chip) runterladen? Mozilla sagt mir, es sei aktuell... Mousepad: Hängt nicht, allerdings friert der Bildschirm manchmal in Mozilla ein ("firefox reagiert nicht"), und dann reagiert auch das Pad nicht. Könnte das evtl auch daran liegen, das ich ein Netbook benutze und welches schnell überfordert ist? Beim Neustart nach Adwcleaner hatte ich alle Programme geschlossen, trotzdem bekam ich von Windows eine Meldung, dass im Hintergrund noch Programme aktiv sind und geschlossen werden müssen. Welches Program wurde aber nicht angezeigt. Ist mir vorher auch schon passiert. Keine Ahnung, ob das bedeutsam ist  Hier die Adwcleaner file: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 23/02/2013 um 11:46:20 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Admin - YAMANTHANKA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yamanthanka\Downloads\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKU\S-1-5-21-1718676208-496255785-1622115151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [974 octets] - [23/02/2013 11:46:20]
########## EOF - \AdwCleaner[S1].txt - [1033 octets] ##########
|
|
25.02.2013, 17:15
| #12 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt hi kannst du noch mal die neuete ADW cleaner version laden, und erneut ausführen. dann auf CCleaner, extras, autostartliste, windows, als txt speichern und posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.02.2013, 18:23
| #13 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Hallo, habe ich gemacht! Mein CCleaner ist in Englisch, aber das müsste die File sein (unter Tools /startup/windows): Code:
ATTFilter Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run HP Quick Launch Hewlett-Packard Development Company, L.P. C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Yes HKLM:Run HPConnectionManager Hewlett-Packard Development Company L.P. C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
Yes HKLM:Run HPOSD Hewlett-Packard Development Company, L.P. C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Yes HKLM:Run HPQuickWebProxy Hewlett-Packard Company "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
Yes HKLM:Run IAStorIcon Intel Corporation C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run PDFPrint Geek Software GmbH C:\Program Files\PDF24\pdf24.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray.exe
Yes Startup Common PGP Tray.lnk C:\Windows\Installer\{7FF02DA5-208C-4498-B55A-AD23E0E76136}\Icon6560581611.exe
Yes Startup User OpenOffice.org 3.3.lnk C:\Program Files\OpenOffice.org 3\program\quickstart.exe
|
|
25.02.2013, 18:51
| #14 |
| /// Malware-holic | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Ok, alles aus dem Autostart außer: avgnt HotKeysCmds HP Quick Launch SynTPEnh unter startup, alle haken raus neustarten, wenn was wichtiges fehlt, können wirs anhaken. adwcleaner neu laden, log posten, löschen als option wählen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.02.2013, 19:17
| #15 |
| | Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt Ich hoffe, ich habe das jetzt richtig verstanden: ich habe bei allem die Häckchen rausgenommen, ausser bei avgnt, HotKeysCmds, HP Quick Launch, SynTPEnh. Gelöscht habe ich im CCleaner nichts, nur deaktiviert. ADW Cleaner: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 25/02/2013 um 19:10:17 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Admin - YAMANTHANKA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yamanthanka\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
|
|
| Themen zu Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt |
| acrobat update, adobe, avg, avira, bho, bingbar, computer, desktop, explorer, firefox, flash player, fotogalerie, hijack, hijackthis, home, hängen, internet, internet explorer, launch, logfile, mozilla, opera, pdf, plug-in, problem, prozesse, software, symantec, system, wildtangent games, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
