Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.02.2013, 12:49   #1
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Liebes Forum,

seit gestern habe ich folgendes Problem: wenn ich in Mozilla Firefox mehrere Tabs offen habe, bleibt der Computer öfter für einige Minuten hängen ("Firefox reagiert nicht" Meldung). Zusätzlich öffnen sich plötzlich Programme auf meinem Desktop, bis jetzt Word, Windows Live Fotogalerie, Elster (!) und Windows Media Player. Ich habe deswegen Malwarebytes installiert und drüber laufen lassen, aber es findet nichts ("keine bösartigen Objekte gefunden"). Mein normales Antiviren Program Antivir findet auch nichts.

Deswegen habe ich mit HijackThis eine Logfile erstellt und sie auf der Website von HijackThis überprüfen lassen. Es wurden 3 evtl schädliche Prozesse gefunden, nämlich:
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\notepad.exe

Ich soll ein Virenprogram laufen lassen - habe ich aber ja bereits, ohne Erfolg.

Seht Ihr etwas auffälliges an der File bzw könnt mir sagen, wie ich am besten weiter vorgehen soll? Danke und viele Grüße, jojo

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:42, on 22.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
Q:\140066.deu\Office14\WINWORDC.EXE
Q:\140066.deu\Office14\OffSpon.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Q:\140066.deu\Office14\WINWORDC.EXE
Q:\140066.deu\Office14\OffSpon.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\notepad.exe
C:\FreeOCR\FreeOCR.exe
C:\Users\Yamanthanka\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/HPNOT/9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://g.uk.msn.com/HPNOT/9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1718676208-496255785-1622115151-1000\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin (User 'Yamanthanka')
O4 - S-1-5-21-1718676208-496255785-1622115151-1000 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Yamanthanka')
O4 - S-1-5-21-1718676208-496255785-1622115151-1000 User Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Yamanthanka')
O4 - Global Startup: PGP Tray.lnk = ?
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PGP RDD Service - Symantec Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 12182 bytes

Alt 22.02.2013, 14:41   #2
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Hi
ja ich sehe etwas, du hast unsere Anleitungen nicht gelesen, hijackthis wird nicht mehr weiterentwickelt, daher vergiss das tool mal ganz schnell.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 22.02.2013, 16:00   #3
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Sorry, hatte die Anleitung nicht gesehen. Jetzt habe ich alles gelesen und werde versuchen, mich daran zu halten...

Hier der otl.txt:
Code:
ATTFilter
OTL logfile created on: 22.02.2013 16:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yamanthanka\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 176,18 Mb Available Physical Memory | 17,41% Memory free
2,42 Gb Paging File | 0,70 Gb Available in Paging File | 29,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280,98 Gb Total Space | 236,57 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 12,95 Gb Total Space | 1,43 Gb Free Space | 11,06% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,09 Gb Free Space | 27,56% Space Free | Partition Type: FAT32
 
Computer Name: YAMANTHANKA-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.22 15:55:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yamanthanka\Desktop\OTL.exe
PRC - [2013.02.08 16:48:20 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.13 11:37:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:08:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 12:08:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:08:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.23 00:23:58 | 001,588,456 | ---- | M] (Symantec Corporation) -- C:\Programme\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012.03.23 00:23:54 | 003,934,296 | ---- | M] (Symantec Corporation) -- C:\Programme\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2012.02.13 08:49:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.07 23:22:21 | 000,239,968 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012.01.04 14:22:40 | 003,208,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.06.30 14:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011.06.30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.04.08 09:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.17 15:44:18 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011.03.14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.15 14:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2011.02.15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.01.27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.11 01:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.08 16:48:20 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013.01.22 14:55:31 | 001,917,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\c055f2cf0d4604170c1702e470df8827\System.Speech.ni.dll
MOD - [2013.01.22 14:54:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll
MOD - [2013.01.22 14:54:19 | 009,922,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\04be51ee3cc47fbd5cbdc8761879a145\System.Data.Entity.ni.dll
MOD - [2013.01.22 14:51:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.21 17:21:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.21 17:21:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.21 17:21:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.21 11:41:41 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.01.21 11:40:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.21 11:39:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.21 11:39:17 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.21 11:39:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.21 11:38:51 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.21 11:37:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.21 11:35:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.21 11:34:46 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.21 11:33:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.21 11:33:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.21 11:32:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll
MOD - [2013.01.21 11:32:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.21 11:32:04 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.02.13 08:49:50 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.01.10 15:30:21 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.07.16 06:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll
MOD - [2011.07.16 06:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.07.16 06:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.07.15 21:11:07 | 000,869,888 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011.07.15 20:53:39 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011.07.15 20:53:39 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2010.11.20 22:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.24 01:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2010.01.01 00:16:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2010.01.01 00:15:48 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2010.01.01 00:15:13 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.08 16:48:21 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.18 19:59:01 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 12:08:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 12:08:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.23 00:23:58 | 001,588,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012.01.07 23:22:21 | 000,239,968 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.15 14:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 01:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 12:08:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 12:08:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.23 00:23:56 | 000,311,328 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2012.03.23 00:23:56 | 000,014,704 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV - [2012.03.23 00:23:50 | 000,041,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2012.03.23 00:23:38 | 000,144,456 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2012.03.23 00:23:36 | 000,244,360 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2012.01.07 23:22:22 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012.01.07 23:22:22 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.01.07 23:22:22 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.01.07 23:22:22 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.30 14:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.12.02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/9
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{CAEA0065-1087-4576-87F3-706875F3B9CA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/9
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{CAEA0065-1087-4576-87F3-706875F3B9CA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=4.0: C:\Program Files\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=4.0: C:\Program Files\Millisecond Software\Inquisit 4.0 Mozilla Plugin\npInquisit_4000.dll (Millisecond Software)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.13 08:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.18 19:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.08.17 11:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 11:29:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.17 11:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012.02.13 08:49:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.13 08:49:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 08:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 08:49:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 08:49:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 08:49:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 08:49:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (Symantec Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PGPlsp.dll (Symantec Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14FFD4DD-F367-4B60-BB72-5048195C6EC7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5308BC1F-38A6-48DE-A538-CD7253E32946}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PGP Corporation
[2013.02.22 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PGP Corporation
[2013.02.22 12:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013.02.22 11:38:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.02.22 11:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 11:38:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.22 11:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.22 11:37:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.02.14 22:59:04 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\System32\ImageEnXLibrary.ocx
[2013.02.14 22:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
[2013.02.14 22:58:57 | 000,000,000 | ---D | C] -- C:\FreeOCR
[2013.02.14 22:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2013.02.14 22:21:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CrashDumps
[2013.02.14 22:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleOCR
[2013.02.14 22:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2013.02.02 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.02.02 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.02.02 13:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 15:48:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 12:16:20 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 12:16:20 | 000,021,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 11:38:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.22 09:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.21 11:28:26 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.02.21 09:24:20 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 10:11:38 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013.02.14 22:59:07 | 000,000,590 | ---- | M] () -- C:\Users\Admin\Desktop\FreeOCR.lnk
[2013.02.03 13:24:49 | 000,000,056 | ---- | M] () -- C:\Windows\system32err.xml
[2013.02.02 13:11:14 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.22 11:38:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 10:11:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.02.14 22:59:07 | 000,000,590 | ---- | C] () -- C:\Users\Admin\Desktop\FreeOCR.lnk
[2013.02.03 13:24:44 | 000,000,056 | ---- | C] () -- C:\Windows\system32err.xml
[2013.02.02 13:11:14 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.11.19 10:41:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.11.19 10:41:16 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5250DN.DAT
[2012.03.23 00:24:14 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
[2011.07.16 06:07:09 | 002,605,752 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.16 06:07:09 | 000,753,942 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.16 06:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.16 06:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.06.26 00:37:04 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.06.26 00:35:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.03 20:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.02 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2012.02.13 11:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2013.02.22 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PGP Corporation
[2012.01.12 11:06:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.01.12 11:05:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.18 20:02:11 | 000,000,000 | ---D | M] -- C:\41e3d6f4541864a9549d
[2012.03.07 17:42:25 | 000,000,000 | ---D | M] -- C:\5484fd8925ee96bc2827784400
[2011.07.16 07:24:30 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.07 22:45:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.22 12:56:21 | 000,000,000 | ---D | M] -- C:\FreeOCR
[2011.06.26 00:55:57 | 000,000,000 | -H-D | M] -- C:\HP
[2011.06.26 00:29:17 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.22 12:20:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.22 11:38:13 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.07 22:45:39 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.07 22:46:44 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.07 22:46:40 | 000,000,000 | ---D | M] -- C:\SWSetup
[2013.02.22 16:06:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.07 22:46:51 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012.01.12 11:05:06 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.20 10:11:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 05:53:46 | 000,032,618 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.01.04 09:18:51 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.07.16 06:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010.11.05 22:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_31e922a8dd4b16bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.07.16 06:20:14 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.07.16 06:20:14 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.02.22 16:01:23 | 000,786,432 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2013.02.22 16:01:23 | 000,262,144 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG1
[2012.01.12 11:05:08 | 000,000,000 | -HS- | M] () -- C:\Users\Admin\ntuser.dat.LOG2
[2012.08.02 09:14:30 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TM.blf
[2012.08.02 09:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TMContainer00000000000000000001.regtrans-ms
[2012.08.02 09:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{18c7d87a-f2eb-11e1-905c-001e101fb681}.TMContainer00000000000000000002.regtrans-ms
[2012.01.12 16:49:31 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.01.12 16:49:31 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.01.12 16:49:31 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.01.16 10:08:11 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TM.blf
[2013.01.16 10:08:10 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TMContainer00000000000000000001.regtrans-ms
[2013.01.16 10:08:11 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{6f629e96-5e40-11e2-b731-101f74c6e696}.TMContainer00000000000000000002.regtrans-ms
[2012.07.16 10:59:05 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TM.blf
[2012.07.16 10:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TMContainer00000000000000000001.regtrans-ms
[2012.07.16 10:59:05 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{baa910ec-cf1e-11e1-9934-001e101f8aaa}.TMContainer00000000000000000002.regtrans-ms
[2012.01.12 11:05:08 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 22.02.2013 16:00:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yamanthanka\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 176,18 Mb Available Physical Memory | 17,41% Memory free
2,42 Gb Paging File | 0,70 Gb Available in Paging File | 29,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280,98 Gb Total Space | 236,57 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive D: | 12,95 Gb Total Space | 1,43 Gb Free Space | 11,06% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,09 Gb Free Space | 27,56% Space Free | Partition Type: FAT32
 
Computer Name: YAMANTHANKA-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42D1D2FF-6678-4CE1-B566-33A502021BA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C97FFDB2-5C4D-4E58-9D50-4898D21F6541}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20386AE5-B695-4BA7-99AE-2B9EF66E40D9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3D1189D3-D08A-411D-BDBB-783A8670AD77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6118C0C7-29E4-4179-B4AD-2E1FFD79B816}" = protocol=6 | dir=in | app=c:\users\yamanthanka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{707B239A-48AD-40AF-84A6-B079C72B2248}" = protocol=17 | dir=in | app=c:\users\yamanthanka\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9339F826-CED9-4679-926C-837EDDD30EC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F5904EEC-36E3-4575-8036-E41415A17904}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7FF02DA5-208C-4498-B55A-AD23E0E76136}" = PGP Desktop
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"freeocr_is1" = FreeOCR v4.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087385" = JoJo's Fashion Show
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089484" = Namco All-Stars PAC-MAN
"WT089493" = Fishdom
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:06:46 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
 erste DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "SMSvcHost 4.0.0.0" (SMSvcHost 4.0.0.0). Der Fehlercode ist das erste
 DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 21.01.2013 06:16:35 | Computer Name = Yamanthanka-HP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
 erste DWORD im Datenbereich.
 
Error - 21.01.2013 06:29:25 | Computer Name = Yamanthanka-HP | Source = WinMgmt | ID = 10
Description = 
 
[ HP Connection Manager Events ]
Error - 14.02.2013 19:03:17 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/15 00:03:17.675|000016EC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.02.2013 19:04:15 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/15 00:04:15.442|000016EC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 31.12.2009 19:08:05 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2010/01/01 00:08:05.869|000016EC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 31.12.2009 19:08:11 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2010/01/01 00:08:11.610|000016EC|Error      |CWLAN::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
Error - 20.02.2013 05:12:31 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/20 10:12:31.313|00001648|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.02.2013 04:23:03 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:03.633|00000860|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.02.2013 04:23:06 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:06.784|00000860|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.02.2013 04:23:08 | Computer Name = Yamanthanka-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/21 09:23:08.781|00000860|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.02.2013 17:41:46 | Computer Name = Yamanthanka-HP | Source = hpMobile | ID = 5
Description = 2013.02.21 22:41:40.485|000013A4|Error      |[HP.Mobile]Wwan::a{void()}|
 
Error - 21.02.2013 19:03:18 | Computer Name = Yamanthanka-HP | Source = hpMobile | ID = 5
Description = 2013.02.22 00:03:18.225|000013A4|Error      |[HP.Mobile]Wwan::a{void()}|
 
[ System Events ]
Error - 30.01.2013 13:43:18 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 HP Software Framework Service erreicht.
 
Error - 30.01.2013 13:43:22 | Computer Name = Yamanthanka-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 30.01.2013 13:43:22 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Software Framework Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.01.2013 19:10:34 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 31.01.2013 03:17:49 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 31.01.2013 09:55:11 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 01.02.2013 07:41:17 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 01.02.2013 19:54:21 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 02.02.2013 06:06:00 | Computer Name = Yamanthanka-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 02.02.2013 08:03:28 | Computer Name = Yamanthanka-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
__________________

Alt 22.02.2013, 16:08   #4
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Hi,
is ja alles kein Problem.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.02.2013, 16:26   #5
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Hm, hat nichts gefunden...

Code:
ATTFilter
17:18:56.0388 1252  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:18:56.0934 1252  ============================================================
17:18:56.0934 1252  Current date / time: 2013/02/22 17:18:56.0934
17:18:56.0934 1252  SystemInfo:
17:18:56.0934 1252  
17:18:56.0934 1252  OS Version: 6.1.7601 ServicePack: 1.0
17:18:56.0934 1252  Product type: Workstation
17:18:56.0934 1252  ComputerName: YAMANTHANKA-HP
17:18:56.0934 1252  UserName: Admin
17:18:56.0934 1252  Windows directory: C:\Windows
17:18:56.0934 1252  System windows directory: C:\Windows
17:18:56.0934 1252  Processor architecture: Intel x86
17:18:56.0934 1252  Number of processors: 4
17:18:56.0934 1252  Page size: 0x1000
17:18:56.0934 1252  Boot type: Normal boot
17:18:56.0934 1252  ============================================================
17:18:59.0399 1252  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:18:59.0493 1252  ============================================================
17:18:59.0493 1252  \Device\Harddisk0\DR0:
17:18:59.0493 1252  MBR partitions:
17:18:59.0493 1252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:18:59.0493 1252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x231F5000
17:18:59.0493 1252  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23259000, BlocksNum 0x19E5800
17:18:59.0493 1252  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EFAB0
17:18:59.0493 1252  ============================================================
17:18:59.0571 1252  C: <-> \Device\Harddisk0\DR0\Partition2
17:18:59.0633 1252  D: <-> \Device\Harddisk0\DR0\Partition3
17:18:59.0680 1252  E: <-> \Device\Harddisk0\DR0\Partition4
17:18:59.0727 1252  ============================================================
17:18:59.0727 1252  Initialize success
17:18:59.0727 1252  ============================================================
17:20:26.0948 3356  ============================================================
17:20:26.0948 3356  Scan started
17:20:26.0948 3356  Mode: Manual; SigCheck; TDLFS; 
17:20:26.0948 3356  ============================================================
17:20:30.0161 3356  ================ Scan system memory ========================
17:20:30.0161 3356  System memory - ok
17:20:30.0161 3356  ================ Scan services =============================
17:20:30.0442 3356  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:20:31.0253 3356  1394ohci - ok
17:20:31.0331 3356  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:20:31.0378 3356  ACPI - ok
17:20:31.0409 3356  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:20:31.0503 3356  AcpiPmi - ok
17:20:31.0628 3356  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:31.0674 3356  AdobeARMservice - ok
17:20:31.0768 3356  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:20:31.0815 3356  AdobeFlashPlayerUpdateSvc - ok
17:20:31.0877 3356  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:20:31.0924 3356  adp94xx - ok
17:20:31.0971 3356  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:20:32.0018 3356  adpahci - ok
17:20:32.0049 3356  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:20:32.0080 3356  adpu320 - ok
17:20:32.0127 3356  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:20:32.0361 3356  AeLookupSvc - ok
17:20:32.0439 3356  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Program Files\IDT\WDM\aestsrv.exe
17:20:32.0564 3356  AESTFilters - ok
17:20:32.0610 3356  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:20:32.0751 3356  AFD - ok
17:20:32.0782 3356  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:20:32.0829 3356  agp440 - ok
17:20:32.0860 3356  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:20:32.0907 3356  aic78xx - ok
17:20:32.0969 3356  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:20:33.0219 3356  ALG - ok
17:20:33.0250 3356  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:20:33.0297 3356  aliide - ok
17:20:33.0328 3356  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:20:33.0359 3356  amdagp - ok
17:20:33.0390 3356  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:20:33.0422 3356  amdide - ok
17:20:33.0453 3356  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:20:33.0500 3356  AmdK8 - ok
17:20:33.0531 3356  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:20:33.0593 3356  AmdPPM - ok
17:20:33.0640 3356  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:20:33.0671 3356  amdsata - ok
17:20:33.0718 3356  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:20:33.0749 3356  amdsbs - ok
17:20:33.0780 3356  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:20:33.0812 3356  amdxata - ok
17:20:33.0874 3356  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:20:33.0936 3356  AntiVirSchedulerService - ok
17:20:33.0983 3356  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:20:33.0999 3356  AntiVirService - ok
17:20:34.0046 3356  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:20:34.0124 3356  AppID - ok
17:20:34.0170 3356  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:20:34.0248 3356  AppIDSvc - ok
17:20:34.0280 3356  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:20:34.0389 3356  Appinfo - ok
17:20:34.0420 3356  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
17:20:34.0451 3356  arc - ok
17:20:34.0514 3356  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:20:34.0545 3356  arcsas - ok
17:20:34.0560 3356  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:34.0701 3356  AsyncMac - ok
17:20:34.0748 3356  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:20:34.0779 3356  atapi - ok
17:20:34.0826 3356  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:20:34.0935 3356  AudioEndpointBuilder - ok
17:20:34.0966 3356  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:20:35.0044 3356  Audiosrv - ok
17:20:35.0091 3356  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:20:35.0184 3356  avgntflt - ok
17:20:35.0200 3356  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:20:35.0247 3356  avipbb - ok
17:20:35.0278 3356  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:20:35.0309 3356  avkmgr - ok
17:20:35.0340 3356  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:20:35.0450 3356  AxInstSV - ok
17:20:35.0496 3356  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
17:20:35.0606 3356  b06bdrv - ok
17:20:35.0652 3356  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:20:35.0715 3356  b57nd60x - ok
17:20:35.0793 3356  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:20:35.0824 3356  BBSvc - ok
17:20:35.0902 3356  [ EB7C2DADF52F50F69F198C14C3556DC1 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
17:20:35.0996 3356  BCM43XX - ok
17:20:36.0027 3356  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:20:36.0136 3356  BDESVC - ok
17:20:36.0167 3356  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:20:36.0245 3356  Beep - ok
17:20:36.0292 3356  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:20:36.0401 3356  BFE - ok
17:20:36.0432 3356  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:20:36.0557 3356  BITS - ok
17:20:36.0604 3356  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:20:36.0651 3356  blbdrive - ok
17:20:36.0682 3356  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:20:36.0744 3356  bowser - ok
17:20:36.0776 3356  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:20:36.0869 3356  BrFiltLo - ok
17:20:36.0916 3356  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:20:36.0994 3356  BrFiltUp - ok
17:20:37.0056 3356  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:20:37.0181 3356  Browser - ok
17:20:37.0228 3356  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:20:37.0290 3356  Brserid - ok
17:20:37.0322 3356  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:20:37.0368 3356  BrSerWdm - ok
17:20:37.0400 3356  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:20:37.0462 3356  BrUsbMdm - ok
17:20:37.0493 3356  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:20:37.0556 3356  BrUsbSer - ok
17:20:37.0571 3356  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:20:37.0634 3356  BTHMODEM - ok
17:20:37.0696 3356  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:20:37.0774 3356  bthserv - ok
17:20:37.0821 3356  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:20:37.0899 3356  cdfs - ok
17:20:37.0961 3356  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:20:38.0024 3356  cdrom - ok
17:20:38.0055 3356  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:20:38.0148 3356  CertPropSvc - ok
17:20:38.0180 3356  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:20:38.0226 3356  circlass - ok
17:20:38.0258 3356  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:20:38.0304 3356  CLFS - ok
17:20:38.0382 3356  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:38.0414 3356  clr_optimization_v2.0.50727_32 - ok
17:20:38.0492 3356  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:20:38.0523 3356  clr_optimization_v4.0.30319_32 - ok
17:20:38.0523 3356  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:20:38.0585 3356  CmBatt - ok
17:20:38.0616 3356  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:20:38.0648 3356  cmdide - ok
17:20:38.0679 3356  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:20:38.0819 3356  CNG - ok
17:20:38.0866 3356  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:20:38.0913 3356  Compbatt - ok
17:20:38.0928 3356  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:20:39.0022 3356  CompositeBus - ok
17:20:39.0038 3356  COMSysApp - ok
17:20:39.0084 3356  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:20:39.0116 3356  crcdisk - ok
17:20:39.0194 3356  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:20:39.0287 3356  CryptSvc - ok
17:20:39.0396 3356  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:20:39.0474 3356  cvhsvc - ok
17:20:39.0521 3356  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:20:39.0630 3356  DcomLaunch - ok
17:20:39.0677 3356  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:20:39.0771 3356  defragsvc - ok
17:20:39.0818 3356  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:20:39.0911 3356  DfsC - ok
17:20:39.0974 3356  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:20:40.0067 3356  Dhcp - ok
17:20:40.0083 3356  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:20:40.0176 3356  discache - ok
17:20:40.0223 3356  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
17:20:40.0254 3356  Disk - ok
17:20:40.0286 3356  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:20:40.0395 3356  Dnscache - ok
17:20:40.0426 3356  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:20:40.0520 3356  dot3svc - ok
17:20:40.0551 3356  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:20:40.0644 3356  DPS - ok
17:20:40.0676 3356  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:20:40.0738 3356  drmkaud - ok
17:20:40.0785 3356  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:20:40.0847 3356  DXGKrnl - ok
17:20:40.0878 3356  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:20:40.0972 3356  EapHost - ok
17:20:41.0097 3356  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
17:20:41.0315 3356  ebdrv - ok
17:20:41.0346 3356  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:20:41.0471 3356  EFS - ok
17:20:41.0549 3356  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:20:41.0627 3356  ehRecvr - ok
17:20:41.0658 3356  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:20:41.0705 3356  ehSched - ok
17:20:41.0752 3356  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:20:41.0814 3356  elxstor - ok
17:20:41.0830 3356  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:20:41.0892 3356  ErrDev - ok
17:20:41.0955 3356  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:20:42.0064 3356  EventSystem - ok
17:20:42.0126 3356  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
17:20:42.0220 3356  ewusbmbb - ok
17:20:42.0267 3356  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
17:20:42.0360 3356  ew_hwusbdev - ok
17:20:42.0376 3356  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:20:42.0563 3356  exfat - ok
17:20:42.0610 3356  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:20:42.0688 3356  fastfat - ok
17:20:42.0735 3356  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:20:42.0828 3356  Fax - ok
17:20:42.0860 3356  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
17:20:42.0922 3356  fdc - ok
17:20:42.0953 3356  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:20:43.0047 3356  fdPHost - ok
17:20:43.0062 3356  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:20:43.0140 3356  FDResPub - ok
17:20:43.0172 3356  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:20:43.0203 3356  FileInfo - ok
17:20:43.0218 3356  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:20:43.0312 3356  Filetrace - ok
17:20:43.0343 3356  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:20:43.0390 3356  flpydisk - ok
17:20:43.0421 3356  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:20:43.0484 3356  FltMgr - ok
17:20:43.0546 3356  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
17:20:43.0686 3356  FontCache - ok
17:20:43.0733 3356  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:20:43.0764 3356  FontCache3.0.0.0 - ok
17:20:43.0811 3356  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:20:43.0842 3356  FsDepends - ok
17:20:43.0874 3356  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:20:43.0905 3356  Fs_Rec - ok
17:20:43.0952 3356  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:20:43.0998 3356  fvevol - ok
17:20:44.0045 3356  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:20:44.0076 3356  gagp30kx - ok
17:20:44.0154 3356  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
17:20:44.0201 3356  GamesAppService - ok
17:20:44.0248 3356  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:20:44.0342 3356  gpsvc - ok
17:20:44.0373 3356  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:20:44.0482 3356  hcw85cir - ok
17:20:44.0529 3356  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:20:44.0591 3356  HdAudAddService - ok
17:20:44.0638 3356  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:20:44.0685 3356  HDAudBus - ok
17:20:44.0732 3356  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:20:44.0778 3356  HidBatt - ok
17:20:44.0810 3356  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:20:44.0856 3356  HidBth - ok
17:20:44.0903 3356  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:20:44.0966 3356  HidIr - ok
17:20:45.0012 3356  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:20:45.0090 3356  hidserv - ok
17:20:45.0153 3356  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:20:45.0215 3356  HidUsb - ok
17:20:45.0246 3356  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:20:45.0309 3356  hkmsvc - ok
17:20:45.0340 3356  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:20:45.0449 3356  HomeGroupListener - ok
17:20:45.0480 3356  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:20:45.0543 3356  HomeGroupProvider - ok
17:20:45.0636 3356  [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
17:20:45.0668 3356  HP Health Check Service - ok
17:20:45.0714 3356  [ DFEC85328A07E518B4DBDF43BBBA5740 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
17:20:45.0746 3356  HPClientSvc - ok
17:20:45.0824 3356  [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv         C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
17:20:45.0886 3356  hpCMSrv - ok
17:20:45.0948 3356  [ 14E3C3E8434D7F92C0496A1AF8503061 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:20:45.0964 3356  HPDrvMntSvc.exe - ok
17:20:46.0042 3356  [ 33C884A6BDD35F22E3C2BDDC55BC13DE ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
17:20:46.0120 3356  hpqwmiex - ok
17:20:46.0136 3356  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:20:46.0182 3356  HpSAMD - ok
17:20:46.0245 3356  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:20:46.0260 3356  HPWMISVC - ok
17:20:46.0323 3356  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:20:46.0401 3356  HTTP - ok
17:20:46.0448 3356  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
17:20:46.0510 3356  huawei_enumerator - ok
17:20:46.0557 3356  [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:20:46.0635 3356  hwdatacard - ok
17:20:46.0728 3356  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
17:20:46.0775 3356  HWDeviceService.exe - ok
17:20:46.0806 3356  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:20:46.0838 3356  hwpolicy - ok
17:20:46.0884 3356  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:20:46.0947 3356  i8042prt - ok
17:20:47.0025 3356  [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:20:47.0056 3356  iaStor - ok
17:20:47.0118 3356  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:20:47.0134 3356  IAStorDataMgrSvc - ok
17:20:47.0196 3356  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:20:47.0243 3356  iaStorV - ok
17:20:47.0321 3356  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:20:47.0415 3356  idsvc - ok
17:20:47.0586 3356  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:20:47.0867 3356  igfx - ok
17:20:47.0914 3356  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:20:47.0945 3356  iirsp - ok
17:20:48.0008 3356  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:20:48.0117 3356  IKEEXT - ok
17:20:48.0179 3356  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:20:48.0210 3356  intelide - ok
17:20:48.0257 3356  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:20:48.0304 3356  intelppm - ok
17:20:48.0335 3356  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:20:48.0413 3356  IPBusEnum - ok
17:20:48.0476 3356  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:48.0554 3356  IpFilterDriver - ok
17:20:48.0616 3356  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:20:48.0710 3356  iphlpsvc - ok
17:20:48.0741 3356  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:20:48.0772 3356  IPMIDRV - ok
17:20:48.0819 3356  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:20:48.0897 3356  IPNAT - ok
17:20:48.0928 3356  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:20:49.0006 3356  IRENUM - ok
17:20:49.0037 3356  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:20:49.0068 3356  isapnp - ok
17:20:49.0100 3356  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:20:49.0146 3356  iScsiPrt - ok
17:20:49.0193 3356  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:20:49.0224 3356  kbdclass - ok
17:20:49.0318 3356  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:20:49.0365 3356  kbdhid - ok
17:20:49.0396 3356  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:20:49.0427 3356  KeyIso - ok
17:20:49.0458 3356  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:20:49.0505 3356  KSecDD - ok
17:20:49.0536 3356  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:20:49.0568 3356  KSecPkg - ok
17:20:49.0614 3356  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:20:49.0708 3356  KtmRm - ok
17:20:49.0770 3356  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:20:49.0880 3356  LanmanServer - ok
17:20:49.0926 3356  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:20:50.0020 3356  LanmanWorkstation - ok
17:20:50.0067 3356  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:20:50.0160 3356  lltdio - ok
17:20:50.0192 3356  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:20:50.0285 3356  lltdsvc - ok
17:20:50.0332 3356  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:20:50.0410 3356  lmhosts - ok
17:20:50.0472 3356  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:20:50.0519 3356  LSI_FC - ok
17:20:50.0550 3356  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:20:50.0597 3356  LSI_SAS - ok
17:20:50.0613 3356  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:20:50.0644 3356  LSI_SAS2 - ok
17:20:50.0660 3356  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:20:50.0706 3356  LSI_SCSI - ok
17:20:50.0753 3356  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:20:50.0831 3356  luafv - ok
17:20:50.0894 3356  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:20:50.0925 3356  MBAMProtector - ok
17:20:50.0987 3356  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:20:51.0034 3356  MBAMScheduler - ok
17:20:51.0096 3356  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:51.0143 3356  MBAMService - ok
17:20:51.0190 3356  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:20:51.0237 3356  Mcx2Svc - ok
17:20:51.0268 3356  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:20:51.0299 3356  megasas - ok
17:20:51.0362 3356  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:20:51.0393 3356  MegaSR - ok
17:20:51.0440 3356  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:20:51.0533 3356  MMCSS - ok
17:20:51.0611 3356  [ 60AC73EB57682F361E07AE26A62DFD6A ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
17:20:51.0642 3356  Mobile Partner. RunOuc - ok
17:20:51.0674 3356  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:20:51.0767 3356  Modem - ok
17:20:51.0814 3356  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:20:51.0861 3356  monitor - ok
17:20:51.0908 3356  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:20:51.0939 3356  mouclass - ok
17:20:51.0970 3356  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:20:52.0017 3356  mouhid - ok
17:20:52.0048 3356  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:20:52.0079 3356  mountmgr - ok
17:20:52.0157 3356  [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:20:52.0204 3356  MozillaMaintenance - ok
17:20:52.0251 3356  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:20:52.0282 3356  mpio - ok
17:20:52.0313 3356  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:20:52.0391 3356  mpsdrv - ok
17:20:52.0438 3356  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:20:52.0578 3356  MpsSvc - ok
17:20:52.0610 3356  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:20:52.0656 3356  MRxDAV - ok
17:20:52.0703 3356  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:52.0781 3356  mrxsmb - ok
17:20:52.0812 3356  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:52.0859 3356  mrxsmb10 - ok
17:20:52.0890 3356  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:52.0953 3356  mrxsmb20 - ok
17:20:52.0984 3356  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:20:53.0015 3356  msahci - ok
17:20:53.0046 3356  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:20:53.0093 3356  msdsm - ok
17:20:53.0124 3356  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:20:53.0171 3356  MSDTC - ok
17:20:53.0234 3356  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:20:53.0296 3356  Msfs - ok
17:20:53.0327 3356  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:20:53.0405 3356  mshidkmdf - ok
17:20:53.0421 3356  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:20:53.0468 3356  msisadrv - ok
17:20:53.0514 3356  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:20:53.0592 3356  MSiSCSI - ok
17:20:53.0608 3356  msiserver - ok
17:20:53.0655 3356  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:20:53.0733 3356  MSKSSRV - ok
17:20:53.0764 3356  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:53.0842 3356  MSPCLOCK - ok
17:20:53.0873 3356  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:20:53.0951 3356  MSPQM - ok
17:20:53.0982 3356  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:20:54.0029 3356  MsRPC - ok
17:20:54.0060 3356  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:20:54.0092 3356  mssmbios - ok
17:20:54.0138 3356  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:20:54.0201 3356  MSTEE - ok
17:20:54.0232 3356  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:20:54.0294 3356  MTConfig - ok
17:20:54.0310 3356  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:20:54.0341 3356  Mup - ok
17:20:54.0404 3356  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:20:54.0497 3356  napagent - ok
17:20:54.0560 3356  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:20:54.0622 3356  NativeWifiP - ok
17:20:54.0669 3356  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:20:54.0731 3356  NDIS - ok
17:20:54.0778 3356  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:20:54.0856 3356  NdisCap - ok
17:20:54.0887 3356  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:54.0965 3356  NdisTapi - ok
17:20:55.0028 3356  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:55.0106 3356  Ndisuio - ok
17:20:55.0137 3356  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:55.0215 3356  NdisWan - ok
17:20:55.0246 3356  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:20:55.0308 3356  NDProxy - ok
17:20:55.0355 3356  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:20:55.0418 3356  NetBIOS - ok
17:20:55.0449 3356  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:20:55.0527 3356  NetBT - ok
17:20:55.0574 3356  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:20:55.0620 3356  Netlogon - ok
17:20:55.0667 3356  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:20:55.0761 3356  Netman - ok
17:20:55.0776 3356  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:20:55.0886 3356  netprofm - ok
17:20:55.0979 3356  [ CF1F01AB1A9571520044F6A6E01817B6 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
17:20:56.0057 3356  netr28 - ok
17:20:56.0073 3356  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:56.0120 3356  NetTcpPortSharing - ok
17:20:56.0151 3356  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:20:56.0182 3356  nfrd960 - ok
17:20:56.0229 3356  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:20:56.0322 3356  NlaSvc - ok
17:20:56.0354 3356  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:20:56.0432 3356  Npfs - ok
17:20:56.0463 3356  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:20:56.0556 3356  nsi - ok
17:20:56.0572 3356  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:20:56.0650 3356  nsiproxy - ok
17:20:56.0728 3356  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:20:56.0806 3356  Ntfs - ok
17:20:56.0853 3356  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:20:56.0931 3356  Null - ok
17:20:57.0009 3356  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
17:20:57.0149 3356  NVENETFD - ok
17:20:57.0196 3356  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:20:57.0243 3356  nvraid - ok
17:20:57.0274 3356  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:20:57.0321 3356  nvstor - ok
17:20:57.0368 3356  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:20:57.0399 3356  nv_agp - ok
17:20:57.0446 3356  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:20:57.0492 3356  ohci1394 - ok
17:20:57.0524 3356  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:57.0570 3356  ose - ok
17:20:57.0742 3356  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:20:58.0054 3356  osppsvc - ok
17:20:58.0148 3356  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:20:58.0241 3356  p2pimsvc - ok
17:20:58.0304 3356  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:20:58.0350 3356  p2psvc - ok
17:20:58.0397 3356  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
17:20:58.0428 3356  Parport - ok
17:20:58.0460 3356  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:20:58.0506 3356  partmgr - ok
17:20:58.0538 3356  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:20:58.0569 3356  Parvdm - ok
17:20:58.0616 3356  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:20:58.0678 3356  PcaSvc - ok
17:20:58.0709 3356  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:20:58.0772 3356  pci - ok
17:20:58.0803 3356  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:20:58.0850 3356  pciide - ok
17:20:58.0881 3356  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:20:58.0928 3356  pcmcia - ok
17:20:58.0959 3356  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:20:58.0990 3356  pcw - ok
17:20:59.0052 3356  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:20:59.0162 3356  PEAUTH - ok
17:20:59.0318 3356  [ BC52ABFF6DF2BEFA45CC11D67CCC72E8 ] PGP RDD Service C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
17:20:59.0442 3356  PGP RDD Service - ok
17:20:59.0505 3356  [ C99051151DF347A5E49325117E4D48AE ] PGPdisk         C:\Windows\system32\drivers\PGPdisk.sys
17:20:59.0552 3356  PGPdisk - ok
17:20:59.0598 3356  [ BB16B49FA7AEAC2D634A5954018A94AD ] pgpfs           C:\Windows\system32\Drivers\PGPfsfd.sys
17:20:59.0630 3356  pgpfs - ok
17:20:59.0692 3356  [ 7D1F2A3CD5EC30FC6D59FB6DC1EC3447 ] PGPsdkDriver    C:\Windows\system32\Drivers\PGPsdk.sys
17:20:59.0723 3356  PGPsdkDriver - ok
17:20:59.0754 3356  [ B758FFFB71DB863FF831E968546025E4 ] PGPwded         C:\Windows\system32\drivers\PGPwded.sys
17:20:59.0801 3356  PGPwded - ok
17:20:59.0832 3356  [ D1F77E5F123A5C961554A31A1F8AB213 ] Pgpwdefs        C:\Windows\system32\DRIVERS\Pgpwdefs.sys
17:20:59.0864 3356  Pgpwdefs - ok
17:20:59.0926 3356  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:21:00.0066 3356  pla - ok
17:21:00.0113 3356  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:21:00.0191 3356  PlugPlay - ok
17:21:00.0238 3356  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:21:00.0285 3356  PNRPAutoReg - ok
17:21:00.0316 3356  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:21:00.0378 3356  PNRPsvc - ok
17:21:00.0425 3356  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:21:00.0519 3356  PolicyAgent - ok
17:21:00.0581 3356  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:21:00.0675 3356  Power - ok
17:21:00.0706 3356  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:21:00.0800 3356  PptpMiniport - ok
17:21:00.0846 3356  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
17:21:00.0893 3356  Processor - ok
17:21:00.0971 3356  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:21:01.0096 3356  ProfSvc - ok
17:21:01.0127 3356  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:21:01.0174 3356  ProtectedStorage - ok
17:21:01.0221 3356  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:21:01.0299 3356  Psched - ok
17:21:01.0377 3356  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:21:01.0470 3356  ql2300 - ok
17:21:01.0517 3356  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:21:01.0564 3356  ql40xx - ok
17:21:01.0595 3356  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:21:01.0689 3356  QWAVE - ok
17:21:01.0720 3356  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:21:01.0767 3356  QWAVEdrv - ok
17:21:01.0798 3356  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:21:01.0923 3356  RasAcd - ok
17:21:01.0970 3356  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:02.0048 3356  RasAgileVpn - ok
17:21:02.0094 3356  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:21:02.0172 3356  RasAuto - ok
17:21:02.0219 3356  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:02.0313 3356  Rasl2tp - ok
17:21:02.0360 3356  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:21:02.0469 3356  RasMan - ok
17:21:02.0500 3356  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:02.0594 3356  RasPppoe - ok
17:21:02.0640 3356  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:21:02.0718 3356  RasSstp - ok
17:21:02.0765 3356  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:21:02.0859 3356  rdbss - ok
17:21:02.0906 3356  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:21:02.0952 3356  rdpbus - ok
17:21:02.0984 3356  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:03.0077 3356  RDPCDD - ok
17:21:03.0124 3356  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:21:03.0218 3356  RDPENCDD - ok
17:21:03.0249 3356  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:21:03.0327 3356  RDPREFMP - ok
17:21:03.0389 3356  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:21:03.0561 3356  RDPWD - ok
17:21:03.0623 3356  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:21:03.0670 3356  rdyboost - ok
17:21:03.0717 3356  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:21:03.0795 3356  RemoteAccess - ok
17:21:03.0826 3356  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:21:03.0920 3356  RemoteRegistry - ok
17:21:03.0951 3356  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:21:04.0044 3356  RpcEptMapper - ok
17:21:04.0076 3356  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:21:04.0154 3356  RpcLocator - ok
17:21:04.0185 3356  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:21:04.0263 3356  RpcSs - ok
17:21:04.0310 3356  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:21:04.0388 3356  rspndr - ok
17:21:04.0434 3356  [ C5ACB4D2CA623F678257B0844BD1AC8A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:21:04.0466 3356  RSUSBSTOR - ok
17:21:04.0528 3356  [ 60647BFA2FEF7F6D6FBBAF661312F2CE ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:21:04.0559 3356  RTL8167 - ok
17:21:04.0590 3356  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:21:04.0622 3356  SamSs - ok
17:21:04.0653 3356  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:21:04.0700 3356  sbp2port - ok
17:21:04.0746 3356  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:21:04.0824 3356  SCardSvr - ok
17:21:04.0871 3356  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:21:04.0949 3356  scfilter - ok
17:21:04.0996 3356  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:21:05.0090 3356  Schedule - ok
17:21:05.0121 3356  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:21:05.0199 3356  SCPolicySvc - ok
17:21:05.0246 3356  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:21:05.0292 3356  sdbus - ok
17:21:05.0324 3356  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:21:05.0433 3356  SDRSVC - ok
17:21:05.0464 3356  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:21:05.0511 3356  SeaPort - ok
17:21:05.0526 3356  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:21:05.0620 3356  secdrv - ok
17:21:05.0651 3356  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:21:05.0745 3356  seclogon - ok
17:21:05.0776 3356  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:21:05.0870 3356  SENS - ok
17:21:05.0901 3356  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:21:06.0010 3356  SensrSvc - ok
17:21:06.0041 3356  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:21:06.0088 3356  Serenum - ok
17:21:06.0119 3356  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
17:21:06.0182 3356  Serial - ok
17:21:06.0197 3356  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:21:06.0244 3356  sermouse - ok
17:21:06.0291 3356  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:21:06.0384 3356  SessionEnv - ok
17:21:06.0431 3356  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:21:06.0478 3356  sffdisk - ok
17:21:06.0509 3356  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:21:06.0540 3356  sffp_mmc - ok
17:21:06.0556 3356  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:21:06.0618 3356  sffp_sd - ok
17:21:06.0665 3356  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:21:06.0696 3356  sfloppy - ok
17:21:06.0774 3356  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:21:06.0837 3356  Sftfs - ok
17:21:06.0899 3356  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
17:21:06.0946 3356  sftlist - ok
17:21:06.0977 3356  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:21:07.0008 3356  Sftplay - ok
17:21:07.0040 3356  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:21:07.0055 3356  Sftredir - ok
17:21:07.0102 3356  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:21:07.0133 3356  Sftvol - ok
17:21:07.0164 3356  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
17:21:07.0196 3356  sftvsa - ok
17:21:07.0242 3356  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:21:07.0336 3356  SharedAccess - ok
17:21:07.0383 3356  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:21:07.0476 3356  ShellHWDetection - ok
17:21:07.0554 3356  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:21:07.0601 3356  sisagp - ok
17:21:07.0648 3356  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:21:07.0695 3356  SiSRaid2 - ok
17:21:07.0742 3356  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:21:07.0788 3356  SiSRaid4 - ok
17:21:08.0007 3356  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:21:08.0085 3356  SkypeUpdate - ok
17:21:08.0116 3356  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:21:08.0225 3356  Smb - ok
17:21:08.0303 3356  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:21:08.0366 3356  SNMPTRAP - ok
17:21:08.0397 3356  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:21:08.0444 3356  spldr - ok
17:21:08.0506 3356  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:21:08.0600 3356  Spooler - ok
17:21:08.0724 3356  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:21:08.0958 3356  sppsvc - ok
17:21:09.0005 3356  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:21:09.0114 3356  sppuinotify - ok
17:21:09.0161 3356  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:21:09.0270 3356  srv - ok
17:21:09.0317 3356  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:21:09.0380 3356  srv2 - ok
17:21:09.0426 3356  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:21:09.0489 3356  SrvHsfHDA - ok
17:21:09.0551 3356  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:21:09.0629 3356  SrvHsfV92 - ok
17:21:09.0676 3356  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:21:09.0738 3356  SrvHsfWinac - ok
17:21:09.0785 3356  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:21:09.0848 3356  srvnet - ok
17:21:09.0894 3356  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:21:10.0004 3356  SSDPSRV - ok
17:21:10.0035 3356  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:21:10.0066 3356  ssmdrv - ok
17:21:10.0113 3356  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:21:10.0222 3356  SstpSvc - ok
17:21:10.0331 3356  [ BCECD93FA0F24D457C662F73A9A1A331 ] STacSV          C:\Program Files\IDT\WDM\STacSV.exe
17:21:10.0394 3356  STacSV - ok
17:21:10.0425 3356  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:21:10.0472 3356  stexstor - ok
17:21:10.0581 3356  [ F5B7B248B27C35D1B1C8FC19D65B25C9 ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
17:21:10.0674 3356  STHDA - ok
17:21:10.0752 3356  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:21:10.0862 3356  StiSvc - ok
17:21:10.0924 3356  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:21:10.0971 3356  swenum - ok
17:21:11.0049 3356  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:21:11.0142 3356  swprv - ok
17:21:11.0298 3356  [ 117A34031CDFE4682B07D5548A9A9C95 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:21:11.0423 3356  SynTP - ok
17:21:11.0579 3356  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:21:11.0720 3356  SysMain - ok
17:21:11.0766 3356  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:21:11.0844 3356  TabletInputService - ok
17:21:11.0922 3356  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:21:12.0047 3356  TapiSrv - ok
17:21:12.0094 3356  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:21:12.0219 3356  TBS - ok
17:21:12.0328 3356  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:21:12.0422 3356  Tcpip - ok
17:21:12.0484 3356  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:21:12.0609 3356  TCPIP6 - ok
17:21:12.0671 3356  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:21:12.0765 3356  tcpipreg - ok
17:21:12.0780 3356  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:21:12.0858 3356  TDPIPE - ok
17:21:12.0905 3356  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:21:12.0952 3356  TDTCP - ok
17:21:12.0983 3356  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:21:13.0061 3356  tdx - ok
17:21:13.0092 3356  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:21:13.0124 3356  TermDD - ok
17:21:13.0170 3356  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:21:13.0295 3356  TermService - ok
17:21:13.0326 3356  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:21:13.0420 3356  Themes - ok
17:21:13.0451 3356  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:21:13.0576 3356  THREADORDER - ok
17:21:13.0638 3356  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:21:13.0779 3356  TrkWks - ok
17:21:13.0872 3356  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:21:14.0013 3356  TrustedInstaller - ok
17:21:14.0075 3356  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:14.0216 3356  tssecsrv - ok
17:21:14.0247 3356  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:21:14.0325 3356  TsUsbFlt - ok
17:21:14.0356 3356  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:21:14.0434 3356  TsUsbGD - ok
17:21:14.0465 3356  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:21:14.0543 3356  tunnel - ok
17:21:14.0559 3356  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:21:14.0621 3356  uagp35 - ok
17:21:14.0668 3356  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:21:14.0793 3356  udfs - ok
17:21:14.0855 3356  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:21:14.0918 3356  UI0Detect - ok
17:21:14.0964 3356  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:21:15.0027 3356  uliagpkx - ok
17:21:15.0089 3356  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:21:15.0136 3356  umbus - ok
17:21:15.0183 3356  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:21:15.0261 3356  UmPass - ok
17:21:15.0370 3356  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:21:15.0526 3356  upnphost - ok
17:21:15.0604 3356  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:21:15.0666 3356  usbaudio - ok
17:21:15.0744 3356  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:15.0822 3356  usbccgp - ok
17:21:15.0916 3356  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:21:15.0994 3356  usbcir - ok
17:21:16.0010 3356  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:21:16.0088 3356  usbehci - ok
17:21:16.0150 3356  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
17:21:16.0212 3356  usbhub - ok
17:21:16.0244 3356  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:21:16.0322 3356  usbohci - ok
17:21:16.0368 3356  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:21:16.0431 3356  usbprint - ok
17:21:16.0446 3356  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:16.0602 3356  USBSTOR - ok
17:21:16.0634 3356  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:16.0680 3356  usbuhci - ok
17:21:16.0758 3356  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:21:16.0852 3356  usbvideo - ok
17:21:16.0883 3356  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:21:16.0977 3356  UxSms - ok
17:21:17.0008 3356  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:21:17.0070 3356  VaultSvc - ok
17:21:17.0117 3356  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:21:17.0164 3356  vdrvroot - ok
17:21:17.0242 3356  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:21:17.0367 3356  vds - ok
17:21:17.0414 3356  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:17.0476 3356  vga - ok
17:21:17.0492 3356  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:21:17.0585 3356  VgaSave - ok
17:21:17.0601 3356  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:21:17.0663 3356  vhdmp - ok
17:21:17.0679 3356  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:21:17.0726 3356  viaagp - ok
17:21:17.0757 3356  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:21:17.0804 3356  ViaC7 - ok
17:21:17.0835 3356  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:21:17.0866 3356  viaide - ok
17:21:17.0897 3356  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:21:17.0928 3356  volmgr - ok
17:21:17.0960 3356  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:21:18.0006 3356  volmgrx - ok
17:21:18.0038 3356  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:21:18.0100 3356  volsnap - ok
17:21:18.0131 3356  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:21:18.0178 3356  vsmraid - ok
17:21:18.0256 3356  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:21:18.0381 3356  VSS - ok
17:21:18.0412 3356  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:18.0474 3356  vwifibus - ok
17:21:18.0506 3356  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:18.0568 3356  vwififlt - ok
17:21:18.0599 3356  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:21:18.0708 3356  W32Time - ok
17:21:18.0755 3356  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:21:18.0849 3356  WacomPen - ok
17:21:18.0911 3356  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:21:19.0020 3356  WANARP - ok
17:21:19.0036 3356  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:21:19.0130 3356  Wanarpv6 - ok
17:21:19.0208 3356  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:21:19.0364 3356  wbengine - ok
17:21:19.0426 3356  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:21:19.0520 3356  WbioSrvc - ok
17:21:19.0551 3356  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:21:19.0613 3356  wcncsvc - ok
17:21:19.0644 3356  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:21:19.0722 3356  WcsPlugInService - ok
17:21:19.0754 3356  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
17:21:19.0785 3356  Wd - ok
17:21:19.0816 3356  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:21:19.0878 3356  Wdf01000 - ok
17:21:19.0894 3356  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:21:20.0003 3356  WdiServiceHost - ok
17:21:20.0034 3356  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:21:20.0097 3356  WdiSystemHost - ok
17:21:20.0144 3356  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:21:20.0222 3356  WebClient - ok
17:21:20.0253 3356  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:21:20.0362 3356  Wecsvc - ok
17:21:20.0409 3356  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:21:20.0502 3356  wercplsupport - ok
17:21:20.0534 3356  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:21:20.0627 3356  WerSvc - ok
17:21:20.0643 3356  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:20.0721 3356  WfpLwf - ok
17:21:20.0752 3356  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:21:20.0783 3356  WIMMount - ok
17:21:20.0861 3356  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:21:20.0939 3356  WinDefend - ok
17:21:20.0955 3356  WinHttpAutoProxySvc - ok
17:21:21.0033 3356  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:21:21.0111 3356  Winmgmt - ok
17:21:21.0173 3356  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:21:21.0283 3356  WinRM - ok
17:21:21.0329 3356  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:21:21.0392 3356  WinUsb - ok
17:21:21.0439 3356  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:21:21.0532 3356  Wlansvc - ok
17:21:21.0610 3356  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:21:21.0641 3356  wlcrasvc - ok
17:21:21.0782 3356  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:21:21.0907 3356  wlidsvc - ok
17:21:21.0953 3356  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:21:22.0000 3356  WmiAcpi - ok
17:21:22.0063 3356  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:21:22.0109 3356  wmiApSrv - ok
17:21:22.0203 3356  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:21:22.0312 3356  WMPNetworkSvc - ok
17:21:22.0359 3356  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:21:22.0453 3356  WPCSvc - ok
17:21:22.0468 3356  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:21:22.0546 3356  WPDBusEnum - ok
17:21:22.0593 3356  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:21:22.0687 3356  ws2ifsl - ok
17:21:22.0733 3356  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:21:22.0780 3356  wscsvc - ok
17:21:22.0796 3356  WSearch - ok
17:21:22.0889 3356  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:21:23.0014 3356  wuauserv - ok
17:21:23.0045 3356  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:21:23.0123 3356  WudfPf - ok
17:21:23.0186 3356  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:23.0279 3356  WUDFRd - ok
17:21:23.0311 3356  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:21:23.0389 3356  wudfsvc - ok
17:21:23.0420 3356  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:21:23.0482 3356  WwanSvc - ok
17:21:23.0560 3356  ================ Scan global ===============================
17:21:23.0607 3356  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:21:23.0669 3356  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:21:23.0685 3356  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:21:23.0732 3356  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:21:23.0779 3356  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:21:23.0794 3356  [Global] - ok
17:21:23.0794 3356  ================ Scan MBR ==================================
17:21:23.0810 3356  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:21:24.0184 3356  \Device\Harddisk0\DR0 - ok
17:21:24.0200 3356  ================ Scan VBR ==================================
17:21:24.0200 3356  [ CEF8EF960C20789183F73F013AC2B460 ] \Device\Harddisk0\DR0\Partition1
17:21:24.0215 3356  \Device\Harddisk0\DR0\Partition1 - ok
17:21:24.0231 3356  [ 8D9FE105D7A5BC2AAA9C178E5AB30AFF ] \Device\Harddisk0\DR0\Partition2
17:21:24.0231 3356  \Device\Harddisk0\DR0\Partition2 - ok
17:21:24.0278 3356  [ F9F2C324519508919E66E1AD7455FC4A ] \Device\Harddisk0\DR0\Partition3
17:21:24.0278 3356  \Device\Harddisk0\DR0\Partition3 - ok
17:21:24.0293 3356  [ B021D615C61C56C2F157F9BC1867EA54 ] \Device\Harddisk0\DR0\Partition4
17:21:24.0309 3356  \Device\Harddisk0\DR0\Partition4 - ok
17:21:24.0309 3356  ============================================================
17:21:24.0309 3356  Scan finished
17:21:24.0309 3356  ============================================================
17:21:24.0356 4544  Detected object count: 0
17:21:24.0356 4544  Actual detected object count: 0
         


Alt 22.02.2013, 16:35   #6
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Immer mit der Ruhe.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt

Alt 22.02.2013, 17:44   #7
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Ok, habe ich gemacht! Ich musste zwischenzeitlich doch mal den Maus Kursor bewegen, um Acrobat weg zuklicken, das sich genau jetzt updaten wollte. Ausserdem hatte ich Probleme, aus dem Admin Account wieder zurück in den Benutzer Accounnt zu kommen (gehe immer nur mit Benutzer Account ins Netz). Nach einem 2. Neustart ging es dann aber und sonst hat alles geklappt

Code:
ATTFilter
ComboFix 13-02-22.01 - Admin 22.02.2013  17:52:00.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1012.215 [GMT 1:00]
ausgeführt von:: c:\users\Yamanthanka\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-22 bis 2013-02-22  ))))))))))))))))))))))))))))))
.
.
2013-02-22 17:08 . 2013-02-22 17:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-22 14:55 . 2013-02-22 14:55	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA46354-17B4-4AE1-AF3E-513C14494DB7}\offreg.dll
2013-02-22 14:45 . 2013-02-22 14:45	--------	d-----w-	c:\users\Admin\AppData\Roaming\PGP Corporation
2013-02-22 14:45 . 2013-02-22 14:45	--------	d-----w-	c:\users\Admin\AppData\Local\PGP Corporation
2013-02-22 13:10 . 2013-02-22 13:10	--------	d-----w-	c:\users\Yamanthanka\AppData\Roaming\Malwarebytes
2013-02-22 11:20 . 2013-02-22 11:20	388096	----a-r-	c:\users\Yamanthanka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-22 11:20 . 2013-02-22 11:20	--------	d-----w-	c:\program files\Trend Micro
2013-02-22 10:38 . 2013-02-22 10:38	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2013-02-22 10:38 . 2013-02-22 10:38	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-22 10:38 . 2013-02-22 10:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-22 10:38 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-22 10:37 . 2013-02-22 10:37	--------	d-----w-	c:\users\Admin\AppData\Local\Programs
2013-02-21 10:28 . 2013-02-21 10:28	--------	d-----r-	c:\users\Yamanthanka\AppData\Roaming\Brother
2013-02-20 09:11 . 2013-02-20 09:11	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2013-02-14 22:15 . 2013-02-14 22:15	--------	d-----w-	c:\users\Yamanthanka\AppData\Local\FreeOCR
2013-02-14 21:59 . 2007-03-10 08:11	2680320	----a-w-	c:\windows\system32\ImageEnXLibrary.ocx
2013-02-14 21:58 . 2013-02-22 11:56	--------	d-----w-	C:\FreeOCR
2013-02-14 21:55 . 2013-02-14 21:55	--------	d-----w-	c:\program files\Temp
2013-02-14 21:21 . 2013-02-14 21:21	--------	d-----w-	c:\users\Admin\AppData\Local\CrashDumps
2013-02-14 21:19 . 2013-02-20 09:13	--------	d-----w-	c:\program files\SimpleOCR
2013-02-14 13:18 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA46354-17B4-4AE1-AF3E-513C14494DB7}\mpengine.dll
2013-02-14 13:10 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 13:10 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 13:10 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 13:10 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 13:10 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 13:09 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-02 12:12 . 2013-02-02 12:12	--------	d-----w-	c:\users\Yamanthanka\AppData\Roaming\elsterformular
2013-02-02 12:11 . 2013-02-02 12:11	--------	d-----w-	c:\programdata\elsterformular
2013-02-02 12:09 . 2013-02-02 12:09	--------	d-----w-	c:\program files\ElsterFormular
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:48 . 2012-07-03 07:20	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-08 15:48 . 2012-01-12 11:56	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2012-03-14 16:11	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-21 09:53	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-29 12:49 . 2012-08-17 11:13	859072	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-29 12:49 . 2011-07-15 20:08	779704	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-16 14:13 . 2013-01-21 10:22	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-21 10:22	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-02-13 07:49 . 2012-01-08 17:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2012-03-22 23:23	1194544	----a-w-	c:\windows\System32\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\users\Yamanthanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PGP Tray.lnk - c:\windows\Installer\{7FF02DA5-208C-4498-B55A-AD23E0E76136}\Icon6560581611.exe [2012-5-25 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\PGPmapih.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 48967645
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - 48967645
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 15:48]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: c:\windows\system32\PGPlsp.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D84CDC4-2775-4841-A6CC-353C216AE6A0}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{3956CDCB-8844-460A-B9DD-E449BFB99941}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{C4E06E7C-1304-453F-9A4B-6B10A2B85022}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CE0EAA3B-E8E8-429D-952F-9F7F6C8A16E4}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{FB6E22A4-8A43-4FE0-99E6-0F2E089A9796}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-22  18:14:22
ComboFix-quarantined-files.txt  2013-02-22 17:14
.
Vor Suchlauf: 10 Verzeichnis(se), 254.359.142.400 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 254.849.470.464 Bytes frei
.
- - End Of File - - 3477779715738A8D72E957C17F1ABA72
         

Alt 22.02.2013, 18:26   #8
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



hi,Hi, hast du funkmaus oder funktastatur?
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.02.2013, 18:49   #9
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Hallo, ich benutze nur mein Mauspad und Laptoptastatur.

Hier die Liste:
Code:
ATTFilter
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.02.2013	 6,00MB	11.5.502.149   notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.02.2013	6,00MB	11.5.502.149  unbekannt
Adobe Reader X (10.1.5) MUI	Adobe Systems Incorporated	16.01.2013	565MB	10.1.5  notwendig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	26.06.2011		11.5.9.620 unbekannt
Avira Free Antivirus	Avira	15.11.2012	109MB	12.1.9.1236  notwendig
Bing Bar	Microsoft Corporation	26.06.2011	24,4MB	7.0.610.0  unbekannt
CCleaner	Piriform	23.01.2013		3.27 unbekannt
ElsterFormular	Landesfinanzdirektion Thüringen	02.02.2013	187MB	14.0.0.10960 notwendig
Energy Star Digital Logo	Hewlett-Packard	26.06.2011	300KB	1.0.1 unbekannt
Evernote v. 4.2.2	Evernote Corp.	15.07.2011	139MB	4.2.2.3979  unbekannt
FreeOCR v4.2		14.02.2013	36,9MB	unnötig
HP Camera	ArcSoft	26.06.2011	89,9MB	3.2.3.132 unbekannt
HP Connection Manager	Hewlett-Packard Company	26.06.2011	33,2MB	4.0.45.1 unbekannt
HP Documentation	Hewlett-Packard	15.07.2011	455MB	1.2.0.0 unbekannt
HP Games	WildTangent	26.06.2011		1.0.2.4 unbekannt
HP On Screen Display	Hewlett-Packard Company	15.07.2011	1,43MB	1.1.2 unbekannt
HP Power Manager	Hewlett-Packard Company	26.06.2011	3,61MB	1.2.3 unbekannt
HP Quick Launch	Hewlett-Packard Company	15.07.2011	7,14MB	2.3.6 unbekannt
HP QuickWeb	Hewlett-Packard Company	26.06.2011	4,35MB	3.0.1.9280 unbekannt
HP Setup	Hewlett-Packard Company	15.07.2011		8.6.4530.3651 unbekannt
HP Setup Manager	Hewlett-Packard Company	26.06.2011	8,30MB	1.1.13253.3682 unbekannt
HP Software Framework	Hewlett-Packard Company	15.07.2011	2,81MB	4.0.111.1 unbekannt
HP Support Assistant		15.07.2011		notwendig
IDT Audio	IDT	26.06.2011		1.0.6351.0 unbekannt
Intel(R) Control Center	Intel Corporation	26.06.2011		1.2.1.1007 unbekannt
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	26.06.2011	54,2MB	8.14.10.2230 unbekannt
Intel(R) Rapid Storage Technology	Intel Corporation	26.06.2011		10.1.0.1008 unbekannt
IrfanView (remove only)	Irfan Skiljan	13.02.2012	1,50MB	4.32 notwendig
Java 7 Update 11	Oracle	29.12.2012	128MB	7.0.110 notwendig
Java(TM) 6 Update 22	Oracle	10.01.2012	97,0MB	6.0.220
Java(TM) 6 Update 27	Oracle	17.08.2012	97,0MB	6.0.270
JavaFX 2.1.1	Oracle Corporation	17.08.2012	20,8MB	2.1.1 unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	22.02.2013	18,4MB	1.70.0.1100 unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	13.01.2012	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	13.01.2012	2,93MB	4.0.30319 unbekannt
Microsoft Office 2010	Microsoft Corporation	15.07.2011	6,31MB	14.0.4763.1000 nötig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	09.01.2012	14.0.4763.1000 
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	09.01.2012 14.0.5128.5002 notwendig
Microsoft PowerPoint Viewer	Microsoft Corporation	21.01.2013	158MB	14.0.6029.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	04.07.2012	80,3MB	4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	15.07.2011	1,69MB	3.1.0000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.07.2011	596KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.06.2011	592KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	10.01.2012	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	21.03.2012	12,2MB	10.0.40219 unbekannt
Mobile Partner	Huawei Technologies Co.,Ltd	07.01.2012		21.005.15.02.382 notwendig
Mozilla Firefox 10.0.1 (x86 de)	Mozilla	13.02.2012	39,7MB	10.0.1 notwendig
Mozilla Maintenance Service	Mozilla	18.01.2013	217KB	17.0.2
Mozilla Thunderbird 17.0.2 (x86 de)	Mozilla	18.01.2013	41,9MB	17.0.2
OpenOffice.org 3.3	OpenOffice.org	10.01.2012	412MB	3.3.9567 notwendig
PDF24 Creator 5.2.0	PDF24.org	20.12.2012	41,4MB	notwendig
PGP Desktop	PGP Corporation	25.05.2012	77,2MB	10.2.0.2599 notwendig
Ralink RT5390 802.11b/g/n WiFi Adapter	Ralink	26.06.2011		3.01.16.1 unbekannt
Realtek Ethernet Controller Driver	Realtek	26.06.2011		7.34.1130.2010 unbekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	26.06.2011		6.1.7600.30127 unbekannt
Skype Click to Call	Skype Technologies S.A.	16.01.2012	12,4MB	5.8.8855 unbekannt
Skype™ 5.10	Skype Technologies S.A.	21.01.2013	19,3MB	5.10.116 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	26.06.2011	46,4MB	15.2.18.0 unbekannt
Windows Live Essentials	Microsoft Corporation	15.07.2011		15.4.3555.0308 unnötig
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	15.07.2011	5,57MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	15.07.2011	5,57MB	15.4.5722.2 unbekannt
         

Alt 22.02.2013, 19:17   #10
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Adobe Shockwave
Bing
Evernote
FreeOCR
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren

Mozilla Firefox : öffnen, hilfe, update, version 18 ist aktuell
Windows Live : alle für dich unnötigen

Die tasten vom tachpad sind auch alle ok, keine hängt irgendwie?

öffne CCleaner, analysieren, starten, PC neustarten

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.02.2013, 11:15   #11
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Danke für die Anleitung, ich habe alles so gemacht. Hat soweit gut geklappt!

Java: Habe alles deinstalliert und neuinstalliert. Mit dem Update von Java hatte ich vorher immer ein Problem. Habe immer eine Fehlermeldung bekommen, wenn ich die automatisch heruntergeladenen updates installieren wollte. Kann ich da irgendwas gegen tun?

Mozilla: Habe ich so upgedated, wie Du geschrieben hast. Allerdings ist jetzt nur Version 17.0.1 drauf, nicht 18. Soll ich Version 18 (z.B über Chip) runterladen? Mozilla sagt mir, es sei aktuell...

Mousepad: Hängt nicht, allerdings friert der Bildschirm manchmal in Mozilla ein ("firefox reagiert nicht"), und dann reagiert auch das Pad nicht. Könnte das evtl auch daran liegen, das ich ein Netbook benutze und welches schnell überfordert ist?

Beim Neustart nach Adwcleaner hatte ich alle Programme geschlossen, trotzdem bekam ich von Windows eine Meldung, dass im Hintergrund noch Programme aktiv sind und geschlossen werden müssen. Welches Program wurde aber nicht angezeigt. Ist mir vorher auch schon passiert. Keine Ahnung, ob das bedeutsam ist

Hier die Adwcleaner file:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 23/02/2013 um 11:46:20 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Admin - YAMANTHANKA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yamanthanka\Downloads\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKU\S-1-5-21-1718676208-496255785-1622115151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [974 octets] - [23/02/2013 11:46:20]

########## EOF - \AdwCleaner[S1].txt - [1033 octets] ##########
         

Alt 25.02.2013, 16:15   #12
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



hi
kannst du noch mal die neuete ADW cleaner version laden, und erneut ausführen.
dann auf CCleaner, extras, autostartliste, windows, als txt speichern und posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.02.2013, 17:23   #13
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Hallo,

habe ich gemacht! Mein CCleaner ist in Englisch, aber das müsste die File sein (unter Tools /startup/windows):

Code:
ATTFilter
Yes	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes	HKLM:Run	Adobe Reader Speed Launcher		"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes	HKLM:Run	avgnt	Avira Operations GmbH & Co. KG	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Yes	HKLM:Run	HotKeysCmds	Intel Corporation	C:\Windows\system32\hkcmd.exe
Yes	HKLM:Run	HP Quick Launch	Hewlett-Packard Development Company, L.P.	C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Yes	HKLM:Run	HPConnectionManager	Hewlett-Packard Development Company L.P.	C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
Yes	HKLM:Run	HPOSD	Hewlett-Packard Development Company, L.P.	C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Yes	HKLM:Run	HPQuickWebProxy	Hewlett-Packard Company	"C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
Yes	HKLM:Run	IAStorIcon	Intel Corporation	C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Yes	HKLM:Run	IgfxTray	Intel Corporation	C:\Windows\system32\igfxtray.exe
Yes	HKLM:Run	PDFPrint	Geek Software GmbH	C:\Program Files\PDF24\pdf24.exe
Yes	HKLM:Run	Persistence	Intel Corporation	C:\Windows\system32\igfxpers.exe
Yes	HKLM:Run	SunJavaUpdateSched	Sun Microsystems, Inc.	"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes	HKLM:Run	SynTPEnh	Synaptics Incorporated	%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes	HKLM:Run	SysTrayApp	IDT, Inc.	C:\Program Files\IDT\WDM\sttray.exe
Yes	Startup Common	PGP Tray.lnk		C:\Windows\Installer\{7FF02DA5-208C-4498-B55A-AD23E0E76136}\Icon6560581611.exe
Yes	Startup User	OpenOffice.org 3.3.lnk		C:\Program Files\OpenOffice.org 3\program\quickstart.exe
         

Alt 25.02.2013, 17:51   #14
markusg
/// Malware-holic
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Ok, alles aus dem Autostart außer:
avgnt
HotKeysCmds
HP Quick Launch
SynTPEnh
unter startup, alle haken raus
neustarten, wenn was wichtiges fehlt, können wirs anhaken.
adwcleaner neu laden, log posten, löschen als option wählen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.02.2013, 18:17   #15
Jojo22
 
Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Standard

Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt



Ich hoffe, ich habe das jetzt richtig verstanden: ich habe bei allem die Häckchen rausgenommen, ausser bei avgnt, HotKeysCmds, HP Quick Launch, SynTPEnh. Gelöscht habe ich im CCleaner nichts, nur deaktiviert.

ADW Cleaner:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 25/02/2013 um 19:10:17 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Admin - YAMANTHANKA-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yamanthanka\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.
         

Antwort

Themen zu Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt
acrobat update, adobe, avg, avira, bho, bingbar, computer, desktop, explorer, firefox, flash player, fotogalerie, hijack, hijackthis, home, hängen, internet, internet explorer, launch, logfile, mozilla, opera, pdf, problem, prozesse, software, symantec, system, wildtangent games, windows



Ähnliche Themen: Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt


  1. Malwarebytes Anti-Malware meldet Blockade von bösartigen Websites
    Plagegeister aller Art und deren Bekämpfung - 04.11.2015 (13)
  2. Ständig öffnen sich Internetfenster ohne das ich etwas anwähle und schließen sich von selbst wieder
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (36)
  3. 121 Objekte laut Malwarebytes Anti-Malware auf PC
    Plagegeister aller Art und deren Bekämpfung - 06.02.2013 (31)
  4. Ständig (Keine Rückmeldung), Programme öffnen sich nicht, ebenso Taskmanager
    Log-Analyse und Auswertung - 31.01.2013 (1)
  5. Programme schließen sich von selbst
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (9)
  6. Keine Programme öffnen sich mehr | XP
    Alles rund um Windows - 08.03.2011 (1)
  7. Malwarebytes: Anzahl der Durchsuchten Objekte ändert sich
    Antiviren-, Firewall- und andere Schutzprogramme - 09.12.2010 (6)
  8. Versteckte Objekte gefunden, Fenster öffnen sich
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (10)
  9. keine programme mehr zu öffnen--kein inetexplorer-keine Fehlermeldung->virus
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (4)
  10. Kein Antivirusprogramm lässt sich öffnen (nichtmal Hijackthis oder Malwarebytes)
    Plagegeister aller Art und deren Bekämpfung - 24.10.2009 (8)
  11. Help! Komm nich weiter -> HiJackThis File angehängt
    Log-Analyse und Auswertung - 09.05.2009 (2)
  12. Programme schließen sich von selbst
    Log-Analyse und Auswertung - 26.02.2009 (0)
  13. Programme beenden sich selbst...
    Log-Analyse und Auswertung - 28.07.2008 (1)
  14. Programme schliessen sich von selbst
    Log-Analyse und Auswertung - 07.03.2008 (4)
  15. HiJackThis Log-File - Generic 4 Trojaner laut AVG
    Log-Analyse und Auswertung - 21.06.2007 (2)
  16. av programme lockieren sich selbst
    Antiviren-, Firewall- und andere Schutzprogramme - 02.09.2005 (3)
  17. Programme beenden sich von selbst !!!
    Log-Analyse und Auswertung - 07.06.2005 (8)

Zum Thema Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt - Liebes Forum, seit gestern habe ich folgendes Problem: wenn ich in Mozilla Firefox mehrere Tabs offen habe, bleibt der Computer öfter für einige Minuten hängen ("Firefox reagiert nicht" Meldung). Zusätzlich - Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt...
Archiv
Du betrachtest: Programme öffnen sich von selbst - keine bösartigen Objekte laut Malwarebytes, HijackThis File angehängt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.