| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Massive Performanceeinbrüche durch Trojan.ADH.2?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.12.2012, 23:05
| #1 |
 |  Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Boarderliner  ,heute hat mir mein SEP11 Autoprotect 2 x gemeldet, dass er den Trojan.ADH.2 gefunden hat. Etwas seltsam, da ich auf Grund extremer Performanceprobleme seit Tagen mein System mit allem möglichen scanne aber bisher nichts gefunden wurde. Seit dem 04.11. dauert der Boot-Vorgang extrem lange und meine CPU-Auslastung schießt selbst bei kleineren Applikationen (z.B. UMTS-Verbindungsprogramm) fast permanent auf 100%, der Ping ist höher als normal (UMTS, z.B. 230 statt 120) und z.B. bei WoT hab ich fps-Raten v. 2-10 statt ca. 40. Hardwareseitig hab ich meinen RAM, die CPU und meine GraKa mit Diagnosetools gecheckt, die scheinen ok zu sein. Und die allseits propagierten Prozess- und Dienste-Kills hab ich auch hinter mir. Allerdings ohne großen Erfolg. Bis auf den Programmkompatibilitäts-Assistenten, den hab ich deaktiviert, weil alleine der schon 50% CPU-Auslastung verursacht hatte. Jetzt bleibt mir nur noch die Hoffnung, dass es an dem Trojaner liegt und der sich auch beseitigen läßt. Hier das SEP-Log: Code:
ATTFilter Filename: qWDqO0OT.exe.part
Risk: Trojan.ADH.2
Action: Cleaned by deletion
Original Location: C:\Users\***\AppData\Local\Temp\
Status: Deleted
Current Location: Quarantine
Logged By: Auto-Protect scan
Action Description: The file was deleted successfully.
Date and Time: 07.12.2012 16:26:24
Filename: BJXlyvgm.exe.part
Risk: Trojan.ADH.2
Action: Cleaned by deletion
Original Location: C:\Users\***\AppData\Local\Temp\
Status: Deleted
Current Location: Quarantine
Logged By: Auto-Protect scan
Action Description: The file was deleted successfully.
Date and Time: 07.12.2012 16:39:25
Noch das OTL-Log von heute abend: Code:
ATTFilter OTL logfile created on: 07.12.2012 20:10:01 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,81% Memory free 12,00 Gb Paging File | 10,56 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 5,67 Gb Free Space | 11,62% Space Free | Partition Type: NTFS Drive F: | 416,93 Gb Total Space | 348,65 Gb Free Space | 83,62% Space Free | Partition Type: NTFS Computer Name: ***-MA | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.01.10 13:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection \ProtectionUtilSurrogate.exe PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers) SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2012.11.13 01:18:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service \maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core \daemonu.exe -- (nvUpdatusService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu \Programs\MWconn\UMTS.exe -- (MWconn_Internet_0) SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.01.10 13:49:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter) SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- F:\Teamviewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.10.05 12:24:35 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- F:\StarMoney 7\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection \Rtvscan.exe -- (Symantec AntiVirus) SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection \Smc.exe -- (SmcService) SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2010.03.22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate \LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared \ccSvcHst.exe -- (ccSetMgr) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared \ccSvcHst.exe -- (ccEvtMgr) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared \OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\System Update \UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework \v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \wpshelper.sys -- (WpsHelper) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative \drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers \fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative \drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers \hotcore3.sys -- (hotcore3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers \amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.10 13:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative \drivers\dokan.sys -- (Dokan) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers \vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers \vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers \rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \usbser.sys -- (usbser) DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4) DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \ZTEusbwwan.sys -- (ZTEusbwwan) DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers \WPSDRVnt.sys -- (WPS) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \netr6164.sys -- (rt61x64) DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \srtspl64.sys -- (SRTSPL) DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers \srtsp64.sys -- (SRTSP) DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers \srtspx64.sys -- (SRTSPX) DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \Teefer2.sys -- (Teefer2) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \massfilter.sys -- (massfilter) DRV:64bit: - [2009.09.15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers \mqac.sys -- (MQAC) DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative \drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers \massfilter_hs.sys -- (massfilter_hs) DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs \20121204.019\ex64.sys -- (NAVEX15) DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs \20121204.019\eng64.sys -- (NAVENG) DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms} IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p= {searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de" FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7 FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: F:\Programme\Firefox\components [2012.11.13 01:18:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M] [2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.03 00:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions [2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions \{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions \uriloader@pdf.js.xpi [2012.12.03 00:05:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions \{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.11.23 18:09:48 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions \{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office \Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office \Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office \Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted [2012.12.06 23:52:48 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll [2012.12.06 23:52:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll [2012.12.06 23:52:48 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll [2012.12.06 23:52:48 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll [2012.12.06 23:52:48 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll [2012.12.06 23:52:46 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll [2012.12.06 23:52:46 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll [2012.12.06 23:52:46 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll [2012.12.06 23:52:46 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll [2012.12.06 23:52:46 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll [2012.12.06 23:52:46 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll [2012.12.06 23:52:46 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll [2012.12.06 23:52:45 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll [2012.12.06 23:52:45 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll [2012.12.06 23:52:45 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll [2012.12.06 23:52:44 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll [2012.12.06 23:52:44 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll [2012.12.06 23:22:10 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll [2012.12.06 23:22:10 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll [2012.12.06 23:22:09 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll [2012.12.06 23:22:08 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll [2012.12.06 23:22:08 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll [2012.12.06 23:19:29 | 000,060,776 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll [2012.12.06 23:19:29 | 000,052,584 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll [2012.12.06 23:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.12.06 23:09:55 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco64.dll [2012.12.06 23:09:55 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll [2012.12.06 23:09:53 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll [2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick [2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys [2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn [2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn [2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss [2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft_Corporation [2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp [2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll [2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll [2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll [2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll [2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll [2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe [2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe [2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll [2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll [2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll [2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll [2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll [2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.07 20:35:59 | 000,013,840 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 20:35:59 | 000,013,840 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 19:39:17 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.12.07 19:39:17 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.12.07 19:39:17 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.12.07 19:39:17 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.12.07 19:39:16 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012.12.07 19:30:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.07 19:30:20 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\***\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\***\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 20:34:26 | 000,007,643 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\***\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf [2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.11.13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\wpshelper.sys [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.06 23:52:44 | 000,016,127 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb [2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\***\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\***\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\***\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf [2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe [2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\***\RB001.REZ [2011.01.10 13:49:16 | 000,035,840 | ---- | C] () -- C:\windows\SysWow64\dokan.dll [2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc [2009.12.24 00:12:02 | 000,007,643 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.12.2012 20:10:01 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,81% Memory free
12,00 Gb Paging File | 10,56 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,67 Gb Free Space | 11,62% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 348,65 Gb Free Space | 83,62% Space Free | Partition Type: NTFS
Computer Name: ***-MA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0056BA9B-8546-4D67-B06C-728BEA48E773}" = StarMoney 7.0 S-Edition
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cross Fire_is1" = Cross Fire En
"DokanLibrary" = Dokan Library 0.6.0
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.83
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.02.2012 14:41:38 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description =
Error - 23.02.2012 02:13:50 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 24.02.2012 12:52:01 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 26.02.2012 14:47:02 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description =
Error - 29.02.2012 14:18:56 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 01.03.2012 12:12:38 | Computer Name = ***-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d9c Startzeit:
01ccf7c5f11941a0 Endzeit: 59 Anwendungspfad: F:\Programme\Firefox\firefox.exe Berichts-ID:
55db3351-63b9-11e1-9d46-92e9f08d5159
Error - 01.03.2012 15:07:00 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 04.03.2012 18:43:29 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description =
Error - 04.03.2012 18:44:34 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.
Error - 07.03.2012 02:36:33 | Computer Name = ***-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b10 Startzeit:
01ccfc2becd87dd0 Endzeit: 70 Anwendungspfad: F:\Programme\Firefox\firefox.exe Berichts-ID:
dcd10411-681f-11e1-a445-fddd4e01c7b5
[ System Events ]
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
Falls ich irgendwie nicht so ganz korrekt gepostet habt, verzeiht mir bitte, war ein langer Tag. Ich gelobe Besserung. Viele Grüße schuka Geändert von schuka (07.12.2012 um 23:50 Uhr) |
|
09.12.2012, 19:58
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo und
__________________ Zitat:
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ |
|
10.12.2012, 08:13
| #3 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Guten Morgen Cosinus,
__________________sei mir nicht bös', da bisher keine Antwort kam und ich den Rechner heute für Home Office benötige, habe ich zwischenzeitlich einige Programme die ich sowieso nicht mehr benötige deinstalliert bzw. Dateien, die schon ewig nutzlos rumlagen gelöscht. Außerdem habe ich meine Grafikkarte getauscht, weil bei verschiedenen Hardwarediagnosen angezeigt wurde, dass sie nicht mehr 512 MB sondern nur noch 140 MB zur Verfügung stellt (Hab die Karte auch in einem anderen Rechner getestet). Hat von der Performance her nichts gebracht. Außerdem habe ich den Eset Online-Scanner laufen lassen, der 3 Funde gelöscht hat. Weitere Logs mit Funden (außer dem von SEP u. Eset) hab ich nicht. Ach ja, ich habe auch versucht, aswMBR als Admin zu starten, das führt jedes mal zu nem Bluescreen und dadurch zu nem automatischen Reboot. Das Startbild "Windows wird gestartet" bleibt übrigens bei jedem Start ca. 2 Minuten stehen. Eset Online-Scan: Code:
ATTFilter F:\Videos\X\FreeAudioCDToMP3Converter.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
F:\Videos\X\FreeAudioConverter.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
F:\Videos\X\OrbitDownloaderSetup.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
Hier hab ich noch ein Log vom Process Explorer, ich hoffe, Du kannst was damit anfangen. Die Auslastung ist da gerade nicht so hoch. Code:
ATTFilter Process PID CPU Private Bytes Working Set Description Company Name
Interrupts n/a 46.81 0 K 0 K Hardware Interrupts and DPCs
System Idle Process 0 19.43 0 K 24 K
procexp64.exe 984 20.41 21.772 K 39.784 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 4 7.98 112 K 304 K
firefox.exe 1492 < 0.01 152.024 K 174.316 K Firefox Mozilla Corporation
plugin-container.exe 1500 1.27 5.364 K 11.564 K Plugin Container for Firefox Mozilla Corporation
csrss.exe 468 0.63 12.592 K 11.804 K Client-Server-Laufzeitprozess Microsoft Corporation
FlashPlayerPlugin_11_5_502_110.exe 1116 1.10 13.184 K 16.260 K Adobe Flash Player 11.5 r502 Adobe Systems, Inc.
svchost.exe 912 0.53 74.988 K 84.600 K Hostprozess für Windows-Dienste Microsoft Corporation
WLanNetService.exe 1244 0.41 2.600 K 7.352 K AVMWlanService AVM Berlin
FlashPlayerPlugin_11_5_502_110.exe 2004 0.16 4.388 K 9.260 K Adobe Flash Player 11.5 r502 Adobe Systems, Inc.
explorer.exe 692 0.61 24.740 K 41.564 K Windows-Explorer Microsoft Corporation
svchost.exe 1088 0.03 14.056 K 16.292 K Hostprozess für Windows-Dienste Microsoft Corporation
wininit.exe 476 1.500 K 4.856 K Windows-Startanwendung Microsoft Corporation
WmiPrvSE.exe 1828 2.360 K 5.996 K WMI Provider Host Microsoft Corporation
winlogon.exe 560 < 0.01 2.736 K 7.320 K Windows-Anmeldeanwendung Microsoft Corporation
taskhost.exe 1108 0.01 2.468 K 7.800 K Hostprozess für Windows-Aufgaben Microsoft Corporation
svchost.exe 392 1.864 K 5.140 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 880 0.01 11.408 K 17.520 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 944 0.09 15.724 K 27.496 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 1200 < 0.01 6.492 K 7.300 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 704 0.09 4.128 K 9.196 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 788 0.05 3.208 K 7.036 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 2268 0.08 3.240 K 8.544 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 804 0.03 4.800 K 10.588 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 1692 1.468 K 4.264 K Hostprozess für Windows-Dienste Microsoft Corporation
svchost.exe 1892 1.760 K 5.320 K Hostprozess für Windows-Dienste Microsoft Corporation
smss.exe 280 452 K 1.148 K Windows-Sitzungs-Manager Microsoft Corporation
services.exe 552 0.09 4.852 K 8.956 K Anwendung für Dienste und Controller Microsoft Corporation
procexp.exe 1544 2.192 K 7.068 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mqtgsvc.exe 1556 2.448 K 5.304 K Message Queuing Trigger Service Microsoft Corporation
mqsvc.exe 1292 < 0.01 4.204 K 8.300 K Message Queuing Service Microsoft Corporation
lsm.exe 604 < 0.01 2.340 K 4.148 K Lokaler Sitzungs-Manager-Dienst Microsoft Corporation
lsass.exe 596 0.19 3.712 K 10.100 K Local Security Authority Process Microsoft Corporation
dwm.exe 732 1.688 K 5.276 K Desktopfenster-Manager Microsoft Corporation
csrss.exe 388 < 0.01 1.920 K 4.316 K Client-Server-Laufzeitprozess Microsoft Corporation
Gruß Schuka PS: Ich habe die o.a. Maßnahmen ergriffen, weil die Zeit drängte (Home Office) und ich nicht wußte, wann ich Antwort bekomme. Außerdem wollte ich euch nicht frühzeitig auf den Senkel gehen, weil ich weiß, dass ihr eure Freizeit dafür opfert. Absoluter Respekt und Hochachtung vor eurer Leistung, eurem Engagement und eurer Motivation! Hallo Cosinus, hier erst mal das aktuelle OTL-Log (eine "Extras.txt" gabs diesmal nicht...?): Code:
ATTFilter OTL logfile created on: 11.12.2012 01:56:07 - Run 2 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Steff\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,35% Memory free 12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,83% Paging File free Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 9,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS Drive F: | 416,93 Gb Total Space | 364,11 Gb Free Space | 87,33% Space Free | Partition Type: NTFS Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steff\Desktop\OTL.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers) SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2012.12.08 08:27:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe -- (MWconn_Internet_0) SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4) DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan) DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15) DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG) DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms} IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M] [2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions [2012.12.10 07:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions [2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi [2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.12.08 00:52:07 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe [2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys [2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys [2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll [2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll [2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted [2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps [2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick [2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys [2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics [2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn [2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn [2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss [2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation [2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp [2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll [2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll [2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll [2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll [2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll [2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe [2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe [2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll [2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll [2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll [2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll [2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll [2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.12.11 01:41:35 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.12.11 01:41:35 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.12.11 01:41:35 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.12.11 01:41:35 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.12.11 01:41:35 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 01:28:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.11 01:28:14 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe [2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin [2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg [2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv [2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf [2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat [2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat [2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb [2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb [2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat [2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml [2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv [2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf [2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe [2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll [2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ [2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc [2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg < End of report > Da Du ja darum gebeten hattest, habe ich keine Virenscans mehr laufen lassen. Weitere Logs von anderen Scans habe ich auch keine mehr gefunden. Gruß Steff Geändert von schuka (10.12.2012 um 08:21 Uhr) |
|
11.12.2012, 19:17
| #4 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Cosinus, hab versehentlich meinen vorherigen Beitrag editiert, statt ne neue Antwort aufzumachen. Hier erst mal das aktuelle OTL-Log (eine "Extras.txt" gabs diesmal nicht...?): Code:
ATTFilter OTL logfile created on: 11.12.2012 01:56:07 - Run 2 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Steff\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,35% Memory free 12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,83% Paging File free Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 9,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS Drive F: | 416,93 Gb Total Space | 364,11 Gb Free Space | 87,33% Space Free | Partition Type: NTFS Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steff\Desktop\OTL.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers) SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2012.12.08 08:27:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe -- (MWconn_Internet_0) SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4) DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan) DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15) DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG) DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms} IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M] [2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions [2012.12.10 07:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions [2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi [2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.12.08 00:52:07 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe [2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI [2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys [2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys [2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll [2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll [2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted [2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps [2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys [2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick [2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys [2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics [2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn [2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn [2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss [2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation [2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp [2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll [2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll [2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll [2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll [2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll [2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe [2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe [2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll [2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll [2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll [2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll [2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll [2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.12.11 01:41:35 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.12.11 01:41:35 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.12.11 01:41:35 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.12.11 01:41:35 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.12.11 01:41:35 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 01:28:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.11 01:28:14 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys [2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat [2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe [2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin [2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg [2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv [2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf [2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll [2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll [2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat [2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat [2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat [2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb [2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb [2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat [2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml [2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv [2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk [2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk [2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg [2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf [2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe [2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll [2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ [2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc [2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg < End of report > Da Du ja darum gebeten hattest, habe ich keine Virenscans mehr laufen lassen. Weitere Logs von anderen Scans habe ich auch keine mehr gefunden. Gruß Steff |
|
11.12.2012, 22:13
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Massive Performanceeinbrüche durch Trojan.ADH.2? Was ist denn jetzt mit den Logs von Malwarebytes?! Das Programm ist nämlich NICHT deinstalliert! ???
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.12.2012, 08:42
| #6 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Cosinus, hier das mb-Log von heute nacht: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.11.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Steff :: STEFF-MA [Administrator] 12.12.2012 02:01:07 mbam-log-2012-12-12 (02-01-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 346676 Laufzeit: 5 Stunde(n), 40 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.12.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Steff :: STEFF-MA [Administrator] Schutz: Aktiviert 13.11.2012 01:47:57 mbam-log-2012-11-13 (01-47-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359888 Laufzeit: 51 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von schuka (12.12.2012 um 08:49 Uhr) |
|
12.12.2012, 13:40
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Massive Performanceeinbrüche durch Trojan.ADH.2? Warum machst du neue Scans?! Was hast du hierdran nicht verstanden: Zitat:
 Hast du nun ältere Logs von Malwarebytes Funden oder nicht?!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.12.2012, 19:28
| #8 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? In meiner letzten Antwort siehst siehst Du ja ein mb-Log vom 13.11. Und da ist kein Fund aufgezeigt. Ich habe auch nie geschrieben, dass mb mal was gefunden hat. Und das ältere Log habe ich auch erst gesehen, nachdem ich heute nacht mb laufen ließ, weil ich das Log in einen separaten Ordner verschoben und den Eintrag im Logdateien-Tab gelöscht hatte. Schließlich hatte mb ja nichts gefunden. Wie ich aber schon am 10.12. geschrieben hatte, habe ich auch keine weiteren Logs mit Funden außer denen von SEP u. Eset, die ich aber bereits angefügt habe. |
|
13.12.2012, 13:15
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Massive Performanceeinbrüche durch Trojan.ADH.2?Zitat:
 Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.12.2012, 19:09
| #10 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hier die beiden Logs von aswMBR u. TDSSKiller. Probleme gabs beim aswMBR. aswMBR hab ich als Administrator ausgeführt, dann wurden die avast!-Virendefinitionen heruntergeladen. Als das durch war, hab ich Scan angeklickt. AV-Scan stand standardmäßig auf Quick Scan. Sofort kam ein Bluescreen und der Rechner startete neu. Ich hab Windows danach normal starten lassen und aswMBR nochmal als Admin ausgeführt, daraufhin wieder Bluescreen. Danach hab ich Windows im abgesicherten Modus gestartet, aswMBR als Admin ausgeführt, Quick Scan stehen lassen und auf Scan geklickt. Nach ca. 2 Min. erschien die Fehlermeldung "avast! Antirootkit funktioniert nicht mehr". aswMBR geschlossen, neu als Admin ausgeführt, AV Scan auf "none" geändert und gescannt (immer noch im abgesicherten Modus). Nach nem Neustart des Rechners im "normalen" Modus hab ich dann TDSSKiller als Admin ausgeführt. Ist problemlos durchgelaufen. Und jetzt die Logs. aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-13 18:30:48
-----------------------------
18:30:48.908 OS Version: Windows x64 6.1.7601 Service Pack 1
18:30:48.908 Number of processors: 2 586 0x6B02
18:30:48.923 ComputerName: STEFF-MA UserName: Steff
18:30:50.280 Initialize success
18:30:58.767 AVAST engine defs: 12121301
18:31:11.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000080
18:31:11.793 Disk 0 Vendor: ST350041 CV12 Size: 476938MB BusType: 3
18:31:11.793 Disk 0 MBR read successfully
18:31:11.808 Disk 0 MBR scan
18:31:11.824 Disk 0 Windows 7 default MBR code
18:31:11.824 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
18:31:11.824 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 426938 MB offset 102398310
18:31:11.855 Disk 0 scanning C:\windows\system32\drivers
18:31:25.599 Service scanning
18:31:43.898 Modules scanning
18:31:43.898 Disk 0 trace - called modules:
18:31:43.929 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:31:43.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041e4740]
18:31:43.929 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80036f9e40]
18:31:43.929 5 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\00000080[0xfffffa80036f7060]
18:31:43.944 Scan finished successfully
18:32:06.798 Disk 0 MBR has been saved successfully to "C:\Users\Steff\Documents\Trojaner-Board\MBR.dat"
18:32:06.814 The log file has been saved successfully to "C:\Users\Steff\Documents\Trojaner-Board\aswMBR.txt"
Code:
ATTFilter 18:44:37.0774 2784 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:44:39.0811 2784 ============================================================
18:44:39.0811 2784 Current date / time: 2012/12/13 18:44:39.0811
18:44:39.0811 2784 SystemInfo:
18:44:39.0821 2784
18:44:39.0821 2784 OS Version: 6.1.7601 ServicePack: 1.0
18:44:39.0821 2784 Product type: Workstation
18:44:39.0821 2784 ComputerName: STEFF-MA
18:44:39.0821 2784 UserName: Steff
18:44:39.0821 2784 Windows directory: C:\windows
18:44:39.0821 2784 System windows directory: C:\windows
18:44:39.0821 2784 Running under WOW64
18:44:39.0821 2784 Processor architecture: Intel x64
18:44:39.0821 2784 Number of processors: 2
18:44:39.0821 2784 Page size: 0x1000
18:44:39.0821 2784 Boot type: Normal boot
18:44:39.0821 2784 ============================================================
18:44:47.0208 2784 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:47.0271 2784 ============================================================
18:44:47.0286 2784 \Device\Harddisk0\DR0:
18:44:47.0286 2784 MBR partitions:
18:44:47.0286 2784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
18:44:47.0286 2784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x341DD2DB
18:44:47.0286 2784 ============================================================
18:44:47.0318 2784 C: <-> \Device\Harddisk0\DR0\Partition1
18:44:47.0364 2784 F: <-> \Device\Harddisk0\DR0\Partition2
18:44:47.0380 2784 ============================================================
18:44:47.0380 2784 Initialize success
18:44:47.0380 2784 ============================================================
18:45:08.0003 2816 ============================================================
18:45:08.0003 2816 Scan started
18:45:08.0003 2816 Mode: Manual; SigCheck; TDLFS;
18:45:08.0003 2816 ============================================================
18:45:09.0704 2816 ================ Scan system memory ========================
18:45:09.0704 2816 System memory - ok
18:45:09.0704 2816 ================ Scan services =============================
18:45:10.0203 2816 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
18:45:11.0856 2816 1394ohci - ok
18:45:11.0934 2816 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
18:45:12.0231 2816 ACPI - ok
18:45:12.0293 2816 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
18:45:12.0886 2816 AcpiPmi - ok
18:45:12.0980 2816 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
18:45:13.0401 2816 adp94xx - ok
18:45:13.0463 2816 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
18:45:13.0869 2816 adpahci - ok
18:45:13.0900 2816 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
18:45:14.0290 2816 adpu320 - ok
18:45:14.0368 2816 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
18:45:15.0086 2816 AeLookupSvc - ok
18:45:15.0195 2816 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
18:45:15.0538 2816 AFD - ok
18:45:15.0600 2816 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
18:45:15.0975 2816 agp440 - ok
18:45:16.0037 2816 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
18:45:16.0287 2816 ALG - ok
18:45:16.0349 2816 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
18:45:16.0708 2816 aliide - ok
18:45:16.0770 2816 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
18:45:17.0363 2816 AMD External Events Utility - ok
18:45:17.0441 2816 AMD FUEL Service - ok
18:45:17.0472 2816 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
18:45:17.0909 2816 amdide - ok
18:45:17.0987 2816 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\windows\system32\DRIVERS\amdiox64.sys
18:45:18.0611 2816 amdiox64 - ok
18:45:18.0689 2816 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
18:45:18.0970 2816 AmdK8 - ok
18:45:19.0391 2816 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
18:45:19.0968 2816 amdkmdag - ok
18:45:20.0046 2816 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
18:45:20.0296 2816 amdkmdap - ok
18:45:20.0343 2816 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
18:45:20.0748 2816 AmdPPM - ok
18:45:20.0795 2816 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
18:45:21.0154 2816 amdsata - ok
18:45:21.0216 2816 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
18:45:21.0575 2816 amdsbs - ok
18:45:21.0622 2816 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
18:45:21.0840 2816 amdxata - ok
18:45:21.0934 2816 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\windows\system32\inetsrv\apphostsvc.dll
18:45:22.0340 2816 AppHostSvc - ok
18:45:22.0433 2816 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
18:45:23.0010 2816 AppID - ok
18:45:23.0057 2816 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
18:45:23.0619 2816 AppIDSvc - ok
18:45:23.0697 2816 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
18:45:23.0993 2816 Appinfo - ok
18:45:24.0056 2816 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
18:45:24.0570 2816 AppMgmt - ok
18:45:24.0633 2816 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
18:45:25.0101 2816 arc - ok
18:45:25.0148 2816 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
18:45:25.0538 2816 arcsas - ok
18:45:25.0678 2816 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
18:45:26.0006 2816 AsyncMac - ok
18:45:26.0052 2816 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
18:45:26.0255 2816 atapi - ok
18:45:26.0349 2816 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
18:45:26.0630 2816 AtiHDAudioService - ok
18:45:26.0739 2816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:45:27.0113 2816 AudioEndpointBuilder - ok
18:45:27.0207 2816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
18:45:27.0534 2816 AudioSrv - ok
18:45:27.0659 2816 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
18:45:28.0860 2816 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:45:28.0860 2816 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:45:28.0938 2816 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\windows\system32\drivers\avmeject.sys
18:45:29.0282 2816 avmeject - ok
18:45:29.0375 2816 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
18:45:29.0828 2816 AxInstSV - ok
18:45:29.0906 2816 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
18:45:30.0311 2816 b06bdrv - ok
18:45:30.0342 2816 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
18:45:30.0764 2816 b57nd60a - ok
18:45:30.0842 2816 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
18:45:31.0325 2816 BDESVC - ok
18:45:31.0388 2816 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
18:45:31.0668 2816 Beep - ok
18:45:31.0778 2816 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
18:45:32.0121 2816 BFE - ok
18:45:32.0230 2816 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
18:45:32.0558 2816 BITS - ok
18:45:32.0636 2816 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
18:45:32.0916 2816 blbdrive - ok
18:45:32.0963 2816 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
18:45:33.0228 2816 bowser - ok
18:45:33.0275 2816 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
18:45:33.0759 2816 BrFiltLo - ok
18:45:33.0821 2816 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
18:45:34.0133 2816 BrFiltUp - ok
18:45:34.0180 2816 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
18:45:34.0632 2816 BridgeMP - ok
18:45:34.0726 2816 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
18:45:35.0085 2816 Browser - ok
18:45:35.0147 2816 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
18:45:35.0834 2816 Brserid - ok
18:45:35.0865 2816 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
18:45:36.0255 2816 BrSerWdm - ok
18:45:36.0286 2816 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
18:45:36.0692 2816 BrUsbMdm - ok
18:45:36.0723 2816 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
18:45:37.0097 2816 BrUsbSer - ok
18:45:37.0128 2816 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
18:45:37.0550 2816 BTHMODEM - ok
18:45:37.0643 2816 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
18:45:38.0064 2816 bthserv - ok
18:45:38.0142 2816 [ 260A069F403DA226D18C058AD14FD3A3 ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
18:45:38.0626 2816 ccEvtMgr - ok
18:45:38.0704 2816 [ 260A069F403DA226D18C058AD14FD3A3 ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
18:45:39.0000 2816 ccSetMgr - ok
18:45:39.0063 2816 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
18:45:39.0500 2816 cdfs - ok
18:45:39.0562 2816 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
18:45:40.0030 2816 cdrom - ok
18:45:40.0108 2816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
18:45:40.0404 2816 CertPropSvc - ok
18:45:40.0451 2816 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
18:45:40.0841 2816 circlass - ok
18:45:40.0888 2816 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
18:45:41.0200 2816 CLFS - ok
18:45:41.0309 2816 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:42.0308 2816 clr_optimization_v2.0.50727_32 - ok
18:45:42.0464 2816 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:45:42.0869 2816 clr_optimization_v2.0.50727_64 - ok
18:45:43.0010 2816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:43.0259 2816 clr_optimization_v4.0.30319_32 - ok
18:45:43.0337 2816 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:45:43.0634 2816 clr_optimization_v4.0.30319_64 - ok
18:45:43.0696 2816 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
18:45:44.0086 2816 CmBatt - ok
18:45:44.0133 2816 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
18:45:44.0445 2816 cmdide - ok
18:45:44.0507 2816 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
18:45:44.0772 2816 CNG - ok
18:45:44.0819 2816 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
18:45:45.0178 2816 Compbatt - ok
18:45:45.0225 2816 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
18:45:45.0552 2816 CompositeBus - ok
18:45:45.0599 2816 COMSysApp - ok
18:45:45.0677 2816 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
18:45:46.0130 2816 crcdisk - ok
18:45:46.0208 2816 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
18:45:46.0520 2816 CryptSvc - ok
18:45:46.0644 2816 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
18:45:47.0003 2816 CSC - ok
18:45:47.0081 2816 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
18:45:47.0440 2816 CscService - ok
18:45:47.0580 2816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
18:45:47.0986 2816 DcomLaunch - ok
18:45:48.0048 2816 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
18:45:48.0563 2816 defragsvc - ok
18:45:48.0610 2816 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
18:45:48.0906 2816 DfsC - ok
18:45:48.0969 2816 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
18:45:49.0312 2816 Dhcp - ok
18:45:49.0359 2816 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
18:45:49.0671 2816 discache - ok
18:45:49.0718 2816 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
18:45:49.0983 2816 Disk - ok
18:45:50.0076 2816 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
18:45:50.0357 2816 Dnscache - ok
18:45:50.0466 2816 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
18:45:50.0763 2816 dot3svc - ok
18:45:50.0888 2816 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
18:45:51.0231 2816 DPS - ok
18:45:51.0293 2816 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
18:45:51.0699 2816 drmkaud - ok
18:45:51.0808 2816 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
18:45:52.0120 2816 DXGKrnl - ok
18:45:52.0151 2816 EagleX64 - ok
18:45:52.0214 2816 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
18:45:52.0494 2816 EapHost - ok
18:45:52.0650 2816 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
18:45:53.0212 2816 ebdrv - ok
18:45:53.0290 2816 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:45:53.0477 2816 eeCtrl - ok
18:45:53.0540 2816 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
18:45:53.0852 2816 EFS - ok
18:45:53.0898 2816 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
18:45:54.0413 2816 elxstor - ok
18:45:54.0460 2816 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:45:54.0725 2816 EraserUtilRebootDrv - ok
18:45:54.0756 2816 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
18:45:55.0146 2816 ErrDev - ok
18:45:55.0271 2816 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
18:45:55.0661 2816 EventSystem - ok
18:45:55.0708 2816 ewusbnet - ok
18:45:55.0770 2816 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
18:45:56.0207 2816 exfat - ok
18:45:56.0285 2816 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
18:45:56.0862 2816 fastfat - ok
18:45:56.0940 2816 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
18:45:57.0268 2816 Fax - ok
18:45:57.0299 2816 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
18:45:57.0830 2816 fdc - ok
18:45:57.0892 2816 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
18:45:58.0188 2816 fdPHost - ok
18:45:58.0235 2816 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
18:45:58.0703 2816 FDResPub - ok
18:45:58.0781 2816 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
18:45:59.0031 2816 FileInfo - ok
18:45:59.0124 2816 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
18:45:59.0577 2816 Filetrace - ok
18:45:59.0624 2816 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
18:45:59.0967 2816 flpydisk - ok
18:46:00.0045 2816 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
18:46:00.0279 2816 FltMgr - ok
18:46:00.0404 2816 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
18:46:00.0903 2816 FontCache - ok
18:46:00.0996 2816 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:46:01.0371 2816 FontCache3.0.0.0 - ok
18:46:01.0449 2816 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
18:46:01.0808 2816 FsDepends - ok
18:46:01.0854 2816 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
18:46:02.0088 2816 Fs_Rec - ok
18:46:02.0166 2816 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
18:46:02.0369 2816 fvevol - ok
18:46:02.0525 2816 [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4 C:\windows\system32\DRIVERS\fwlanusb4.sys
18:46:03.0102 2816 fwlanusb4 - ok
18:46:03.0134 2816 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
18:46:03.0492 2816 gagp30kx - ok
18:46:03.0586 2816 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\windows\gdrv.sys
18:46:03.0960 2816 gdrv - ok
18:46:04.0070 2816 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
18:46:04.0522 2816 gpsvc - ok
18:46:04.0584 2816 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
18:46:04.0990 2816 hcw85cir - ok
18:46:05.0084 2816 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:46:05.0380 2816 HdAudAddService - ok
18:46:05.0411 2816 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
18:46:05.0645 2816 HDAudBus - ok
18:46:05.0692 2816 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
18:46:06.0129 2816 HidBatt - ok
18:46:06.0176 2816 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
18:46:06.0612 2816 HidBth - ok
18:46:06.0659 2816 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
18:46:07.0065 2816 HidIr - ok
18:46:07.0143 2816 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
18:46:07.0580 2816 hidserv - ok
18:46:07.0642 2816 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
18:46:07.0907 2816 HidUsb - ok
18:46:07.0985 2816 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
18:46:08.0328 2816 hkmsvc - ok
18:46:08.0391 2816 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:46:08.0703 2816 HomeGroupListener - ok
18:46:08.0765 2816 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:46:09.0046 2816 HomeGroupProvider - ok
18:46:09.0108 2816 [ DDF58C2E16527073FEF370EDFE970745 ] hotcore3 C:\windows\system32\DRIVERS\hotcore3.sys
18:46:09.0342 2816 hotcore3 - ok
18:46:09.0420 2816 [ E325F85012E793CEE74B73C4F22AE311 ] HPFXBULKLEDM C:\windows\system32\drivers\hppdbulkio.sys
18:46:09.0732 2816 HPFXBULKLEDM - ok
18:46:09.0810 2816 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
18:46:10.0232 2816 HpSAMD - ok
18:46:10.0325 2816 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
18:46:10.0871 2816 HTTP - ok
18:46:10.0934 2816 huawei_enumerator - ok
18:46:10.0965 2816 hwdatacard - ok
18:46:11.0027 2816 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
18:46:11.0199 2816 hwpolicy - ok
18:46:11.0261 2816 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
18:46:11.0620 2816 i8042prt - ok
18:46:11.0682 2816 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
18:46:12.0135 2816 iaStorV - ok
18:46:12.0228 2816 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:46:12.0728 2816 idsvc - ok
18:46:12.0759 2816 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
18:46:13.0133 2816 iirsp - ok
18:46:13.0180 2816 [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN C:\windows\system32\inetsrv\inetinfo.exe
18:46:13.0554 2816 IISADMIN - ok
18:46:13.0664 2816 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
18:46:14.0038 2816 IKEEXT - ok
18:46:14.0116 2816 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
18:46:14.0568 2816 intelide - ok
18:46:14.0646 2816 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
18:46:15.0114 2816 intelppm - ok
18:46:15.0161 2816 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
18:46:15.0645 2816 IPBusEnum - ok
18:46:15.0692 2816 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
18:46:16.0128 2816 IpFilterDriver - ok
18:46:16.0206 2816 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
18:46:16.0550 2816 iphlpsvc - ok
18:46:16.0612 2816 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
18:46:17.0002 2816 IPMIDRV - ok
18:46:17.0049 2816 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
18:46:17.0454 2816 IPNAT - ok
18:46:17.0501 2816 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
18:46:18.0110 2816 IRENUM - ok
18:46:18.0172 2816 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
18:46:18.0531 2816 isapnp - ok
18:46:18.0593 2816 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
18:46:18.0812 2816 iScsiPrt - ok
18:46:18.0858 2816 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
18:46:19.0077 2816 kbdclass - ok
18:46:19.0108 2816 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
18:46:19.0420 2816 kbdhid - ok
18:46:19.0482 2816 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
18:46:19.0748 2816 KeyIso - ok
18:46:19.0810 2816 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
18:46:20.0028 2816 KSecDD - ok
18:46:20.0075 2816 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
18:46:20.0294 2816 KSecPkg - ok
18:46:20.0340 2816 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
18:46:20.0652 2816 ksthunk - ok
18:46:20.0746 2816 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
18:46:21.0261 2816 KtmRm - ok
18:46:21.0354 2816 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
18:46:21.0713 2816 LanmanServer - ok
18:46:21.0822 2816 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:46:22.0197 2816 LanmanWorkstation - ok
18:46:22.0259 2816 [ 3C46290F7A5D45BA6EF32C248E22AA69 ] Lbd C:\windows\system32\DRIVERS\Lbd.sys
18:46:22.0696 2816 Lbd - ok
18:46:22.0914 2816 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:46:23.0882 2816 LiveUpdate - ok
18:46:23.0928 2816 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
18:46:24.0225 2816 lltdio - ok
18:46:24.0287 2816 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
18:46:24.0755 2816 lltdsvc - ok
18:46:24.0802 2816 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
18:46:25.0270 2816 lmhosts - ok
18:46:25.0317 2816 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
18:46:25.0707 2816 LSI_FC - ok
18:46:25.0738 2816 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
18:46:26.0112 2816 LSI_SAS - ok
18:46:26.0175 2816 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
18:46:26.0518 2816 LSI_SAS2 - ok
18:46:26.0549 2816 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
18:46:26.0892 2816 LSI_SCSI - ok
18:46:26.0939 2816 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
18:46:27.0314 2816 luafv - ok
18:46:27.0360 2816 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\windows\system32\drivers\massfilter.sys
18:46:27.0782 2816 massfilter - ok
18:46:27.0844 2816 [ 7AD627CDB12F5F451F24C8A97CA6E175 ] massfilter_hs C:\windows\system32\drivers\massfilter_hs.sys
18:46:28.0203 2816 massfilter_hs - ok
18:46:28.0250 2816 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
18:46:28.0452 2816 MBAMProtector - ok
18:46:28.0515 2816 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:46:28.0905 2816 MBAMScheduler - ok
18:46:28.0983 2816 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:46:29.0357 2816 MBAMService - ok
18:46:29.0404 2816 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
18:46:29.0763 2816 megasas - ok
18:46:29.0825 2816 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
18:46:30.0231 2816 MegaSR - ok
18:46:30.0356 2816 Microsoft SharePoint Workspace Audit Service - ok
18:46:30.0402 2816 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
18:46:30.0746 2816 MMCSS - ok
18:46:30.0777 2816 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
18:46:31.0058 2816 Modem - ok
18:46:31.0104 2816 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
18:46:31.0401 2816 monitor - ok
18:46:31.0448 2816 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
18:46:31.0697 2816 mouclass - ok
18:46:31.0728 2816 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
18:46:32.0009 2816 mouhid - ok
18:46:32.0072 2816 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
18:46:32.0290 2816 mountmgr - ok
18:46:32.0337 2816 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:46:33.0164 2816 MozillaMaintenance - ok
18:46:33.0195 2816 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
18:46:33.0600 2816 mpio - ok
18:46:33.0663 2816 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
18:46:34.0209 2816 mpsdrv - ok
18:46:34.0302 2816 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
18:46:34.0770 2816 MpsSvc - ok
18:46:34.0833 2816 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\windows\system32\drivers\mqac.sys
18:46:35.0176 2816 MQAC - ok
18:46:35.0223 2816 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
18:46:35.0691 2816 MRxDAV - ok
18:46:35.0753 2816 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
18:46:36.0081 2816 mrxsmb - ok
18:46:36.0174 2816 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
18:46:36.0471 2816 mrxsmb10 - ok
18:46:36.0533 2816 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
18:46:36.0798 2816 mrxsmb20 - ok
18:46:36.0861 2816 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
18:46:37.0235 2816 msahci - ok
18:46:37.0266 2816 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
18:46:37.0688 2816 msdsm - ok
18:46:37.0750 2816 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
18:46:37.0984 2816 MSDTC - ok
18:46:38.0062 2816 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
18:46:38.0343 2816 Msfs - ok
18:46:38.0421 2816 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
18:46:38.0795 2816 mshidkmdf - ok
18:46:38.0858 2816 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
18:46:39.0060 2816 msisadrv - ok
18:46:39.0138 2816 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
18:46:39.0591 2816 MSiSCSI - ok
18:46:39.0622 2816 msiserver - ok
18:46:39.0669 2816 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
18:46:40.0074 2816 MSKSSRV - ok
18:46:40.0121 2816 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\windows\system32\mqsvc.exe
18:46:40.0371 2816 MSMQ - ok
18:46:40.0433 2816 [ 59ED174FD4314B0218DC91F9BFA6CD3D ] MSMQTriggers C:\windows\system32\mqtgsvc.exe
18:46:40.0683 2816 MSMQTriggers - ok
18:46:40.0714 2816 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
18:46:41.0073 2816 MSPCLOCK - ok
18:46:41.0088 2816 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
18:46:41.0478 2816 MSPQM - ok
18:46:41.0541 2816 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
18:46:41.0759 2816 MsRPC - ok
18:46:41.0822 2816 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
18:46:42.0056 2816 mssmbios - ok
18:46:42.0102 2816 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
18:46:42.0492 2816 MSTEE - ok
18:46:42.0524 2816 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
18:46:42.0867 2816 MTConfig - ok
18:46:42.0898 2816 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
18:46:43.0194 2816 Mup - ok
18:46:43.0335 2816 [ 4897B109276C61FB34C9B50F342C12D3 ] MWconn_Internet_0 C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe
18:47:03.0896 2816 MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - warning
18:47:03.0896 2816 MWconn_Internet_0 - detected UnsignedFile.Multi.Generic (1)
18:47:03.0989 2816 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
18:47:04.0364 2816 napagent - ok
18:47:04.0426 2816 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:47:04.0925 2816 NativeWifiP - ok
18:47:05.0081 2816 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121204.019\ENG64.SYS
18:47:05.0518 2816 NAVENG - ok
18:47:05.0612 2816 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121204.019\EX64.SYS
18:47:06.0064 2816 NAVEX15 - ok
18:47:06.0142 2816 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
18:47:06.0516 2816 NDIS - ok
18:47:06.0563 2816 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:47:07.0000 2816 NdisCap - ok
18:47:07.0047 2816 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:47:07.0343 2816 NdisTapi - ok
18:47:07.0406 2816 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:47:07.0827 2816 Ndisuio - ok
18:47:07.0889 2816 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:47:08.0186 2816 NdisWan - ok
18:47:08.0248 2816 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:47:08.0513 2816 NDProxy - ok
18:47:08.0560 2816 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:47:08.0856 2816 NetBIOS - ok
18:47:08.0919 2816 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:47:09.0184 2816 NetBT - ok
18:47:09.0231 2816 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
18:47:09.0496 2816 Netlogon - ok
18:47:09.0590 2816 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
18:47:09.0917 2816 Netman - ok
18:47:09.0964 2816 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:10.0354 2816 NetMsmqActivator - ok
18:47:10.0401 2816 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:10.0588 2816 NetPipeActivator - ok
18:47:10.0666 2816 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
18:47:11.0103 2816 netprofm - ok
18:47:11.0196 2816 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\windows\system32\DRIVERS\netr28x.sys
18:47:11.0680 2816 netr28x - ok
18:47:11.0742 2816 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:11.0976 2816 NetTcpActivator - ok
18:47:12.0039 2816 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:47:12.0242 2816 NetTcpPortSharing - ok
18:47:12.0273 2816 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
18:47:12.0678 2816 nfrd960 - ok
18:47:12.0741 2816 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
18:47:13.0053 2816 NlaSvc - ok
18:47:13.0084 2816 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\windows\system32\drivers\ccdcmbx64.sys
18:47:13.0505 2816 nmwcd - ok
18:47:13.0583 2816 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\windows\system32\drivers\ccdcmbox64.sys
18:47:14.0051 2816 nmwcdc - ok
18:47:14.0114 2816 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
18:47:14.0410 2816 Npfs - ok
18:47:14.0472 2816 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
18:47:14.0738 2816 nsi - ok
18:47:14.0769 2816 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:47:15.0050 2816 nsiproxy - ok
18:47:15.0143 2816 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:47:15.0440 2816 Ntfs - ok
18:47:15.0486 2816 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
18:47:15.0736 2816 Null - ok
18:47:15.0783 2816 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\windows\system32\DRIVERS\nvm62x64.sys
18:47:16.0251 2816 NVENETFD - ok
18:47:16.0298 2816 nvlddmkm - ok
18:47:16.0391 2816 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\windows\system32\DRIVERS\nvmf6264.sys
18:47:16.0890 2816 NVNET - ok
18:47:16.0937 2816 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
18:47:17.0358 2816 nvraid - ok
18:47:17.0405 2816 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
18:47:17.0624 2816 nvstor - ok
18:47:17.0702 2816 [ 662A129CEBB4C0B01F95612A7F6DCC9A ] nvstor64 C:\windows\system32\DRIVERS\nvstor64.sys
18:47:17.0982 2816 nvstor64 - ok
18:47:18.0029 2816 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:47:18.0435 2816 nv_agp - ok
18:47:18.0482 2816 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:47:18.0872 2816 ohci1394 - ok
18:47:18.0965 2816 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:47:20.0057 2816 ose - ok
18:47:20.0447 2816 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:47:21.0336 2816 osppsvc - ok
18:47:21.0461 2816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:47:21.0742 2816 p2pimsvc - ok
18:47:21.0804 2816 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
18:47:22.0101 2816 p2psvc - ok
18:47:22.0148 2816 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
18:47:22.0553 2816 Parport - ok
18:47:22.0600 2816 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
18:47:22.0787 2816 partmgr - ok
18:47:22.0850 2816 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
18:47:23.0177 2816 PcaSvc - ok
18:47:23.0255 2816 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfdx64.sys
18:47:23.0754 2816 pccsmcfd - ok
18:47:23.0801 2816 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
18:47:24.0020 2816 pci - ok
18:47:24.0051 2816 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
18:47:24.0269 2816 pciide - ok
18:47:24.0347 2816 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
18:47:24.0722 2816 pcmcia - ok
18:47:24.0768 2816 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
18:47:25.0018 2816 pcw - ok
18:47:25.0065 2816 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:47:25.0361 2816 PEAUTH - ok
18:47:25.0470 2816 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
18:47:25.0845 2816 PeerDistSvc - ok
18:47:26.0048 2816 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
18:47:26.0718 2816 PerfHost - ok
18:47:26.0874 2816 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
18:47:27.0483 2816 pla - ok
18:47:27.0561 2816 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:47:27.0920 2816 PlugPlay - ok
18:47:27.0998 2816 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:47:28.0232 2816 PNRPAutoReg - ok
18:47:28.0278 2816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:47:28.0544 2816 PNRPsvc - ok
18:47:28.0622 2816 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:47:28.0918 2816 PolicyAgent - ok
18:47:28.0980 2816 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
18:47:29.0339 2816 Power - ok
18:47:29.0386 2816 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:47:29.0682 2816 PptpMiniport - ok
18:47:29.0714 2816 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
18:47:30.0119 2816 Processor - ok
18:47:30.0197 2816 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
18:47:30.0478 2816 ProfSvc - ok
18:47:30.0509 2816 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:47:30.0743 2816 ProtectedStorage - ok
18:47:30.0806 2816 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:47:31.0086 2816 Psched - ok
18:47:31.0180 2816 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
18:47:31.0632 2816 ql2300 - ok
18:47:31.0664 2816 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
18:47:32.0038 2816 ql40xx - ok
18:47:32.0100 2816 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
18:47:32.0537 2816 QWAVE - ok
18:47:32.0584 2816 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:47:33.0005 2816 QWAVEdrv - ok
18:47:33.0068 2816 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:47:33.0551 2816 RasAcd - ok
18:47:33.0598 2816 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:47:33.0894 2816 RasAgileVpn - ok
18:47:33.0941 2816 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
18:47:34.0269 2816 RasAuto - ok
18:47:34.0316 2816 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:47:34.0628 2816 Rasl2tp - ok
18:47:34.0737 2816 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
18:47:35.0080 2816 RasMan - ok
18:47:35.0127 2816 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:47:35.0423 2816 RasPppoe - ok
18:47:35.0454 2816 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:47:35.0766 2816 RasSstp - ok
18:47:35.0844 2816 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:47:36.0281 2816 rdbss - ok
18:47:36.0312 2816 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
18:47:36.0546 2816 rdpbus - ok
18:47:36.0624 2816 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:47:36.0936 2816 RDPCDD - ok
18:47:37.0014 2816 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
18:47:37.0389 2816 RDPDR - ok
18:47:37.0451 2816 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:47:37.0716 2816 RDPENCDD - ok
18:47:37.0763 2816 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:47:38.0044 2816 RDPREFMP - ok
18:47:38.0138 2816 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
18:47:38.0496 2816 RdpVideoMiniport - ok
18:47:38.0574 2816 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:47:38.0808 2816 RDPWD - ok
18:47:38.0855 2816 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:47:39.0089 2816 rdyboost - ok
18:47:39.0167 2816 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
18:47:39.0573 2816 RemoteAccess - ok
18:47:39.0713 2816 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:47:40.0056 2816 RemoteRegistry - ok
18:47:40.0119 2816 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys
18:47:40.0400 2816 RMCAST - ok
18:47:40.0478 2816 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:47:40.0790 2816 RpcEptMapper - ok
18:47:40.0836 2816 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
18:47:41.0070 2816 RpcLocator - ok
18:47:41.0148 2816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
18:47:41.0507 2816 RpcSs - ok
18:47:41.0554 2816 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:47:41.0819 2816 rspndr - ok
18:47:41.0882 2816 [ 60EB8A87357CA5B088B422D1E55A2405 ] rt61x64 C:\windows\system32\DRIVERS\netr6164.sys
18:47:42.0147 2816 rt61x64 - ok
18:47:42.0194 2816 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
18:47:42.0443 2816 s3cap - ok
18:47:42.0506 2816 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
18:47:42.0755 2816 SamSs - ok
18:47:42.0802 2816 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:47:43.0254 2816 sbp2port - ok
18:47:43.0317 2816 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
18:47:43.0644 2816 SCardSvr - ok
18:47:43.0707 2816 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:47:43.0972 2816 scfilter - ok
18:47:44.0097 2816 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
18:47:44.0518 2816 Schedule - ok
18:47:44.0596 2816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
18:47:44.0861 2816 SCPolicySvc - ok
18:47:44.0939 2816 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:47:45.0189 2816 SDRSVC - ok
18:47:45.0236 2816 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:47:45.0548 2816 secdrv - ok
18:47:45.0610 2816 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
18:47:45.0906 2816 seclogon - ok
18:47:45.0969 2816 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
18:47:46.0281 2816 SENS - ok
18:47:46.0312 2816 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
18:47:46.0718 2816 SensrSvc - ok
18:47:46.0749 2816 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
18:47:46.0983 2816 Serenum - ok
18:47:47.0030 2816 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
18:47:47.0295 2816 Serial - ok
18:47:47.0342 2816 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
18:47:47.0576 2816 sermouse - ok
18:47:47.0669 2816 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:47:48.0059 2816 ServiceLayer - ok
18:47:48.0184 2816 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
18:47:48.0605 2816 SessionEnv - ok
18:47:48.0683 2816 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:47:49.0042 2816 sffdisk - ok
18:47:49.0073 2816 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:47:49.0416 2816 sffp_mmc - ok
18:47:49.0463 2816 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:47:49.0791 2816 sffp_sd - ok
18:47:49.0838 2816 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
18:47:50.0072 2816 sfloppy - ok
18:47:50.0165 2816 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
18:47:50.0602 2816 SharedAccess - ok
18:47:50.0680 2816 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:47:51.0164 2816 ShellHWDetection - ok
18:47:51.0226 2816 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\windows\System32\tcpsvcs.exe
18:47:51.0522 2816 simptcp - ok
18:47:51.0569 2816 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
18:47:51.0928 2816 SiSRaid2 - ok
18:47:51.0975 2816 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
18:47:52.0302 2816 SiSRaid4 - ok
18:47:52.0334 2816 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:47:52.0614 2816 Smb - ok
18:47:52.0817 2816 [ 26EB194D1FB2870E0453A99B84889F8D ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
18:47:53.0301 2816 SmcService - ok
18:47:53.0410 2816 [ C2E9B4E50CF3A15255B45A7C7A0A881E ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
18:47:53.0816 2816 SNAC - ok
18:47:53.0894 2816 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:47:54.0237 2816 SNMPTRAP - ok
18:47:54.0268 2816 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
18:47:54.0486 2816 spldr - ok
18:47:54.0549 2816 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
18:47:55.0017 2816 Spooler - ok
18:47:55.0188 2816 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
18:48:00.0149 2816 sppsvc - ok
18:48:00.0227 2816 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:48:00.0680 2816 sppuinotify - ok
18:48:00.0726 2816 [ B531FC8918DCDAAE638511A123C3465E ] SRTSP C:\windows\system32\Drivers\SRTSP64.SYS
18:48:01.0132 2816 SRTSP - ok
18:48:01.0194 2816 [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL C:\windows\system32\Drivers\SRTSPL64.SYS
18:48:01.0631 2816 SRTSPL - ok
18:48:01.0662 2816 [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX C:\windows\system32\Drivers\SRTSPX64.SYS
18:48:02.0021 2816 SRTSPX - ok
18:48:02.0099 2816 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
18:48:02.0364 2816 srv - ok
18:48:02.0427 2816 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:48:02.0692 2816 srv2 - ok
18:48:02.0739 2816 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:48:03.0004 2816 srvnet - ok
18:48:03.0066 2816 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:48:03.0332 2816 SSDPSRV - ok
18:48:03.0410 2816 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:48:03.0753 2816 SstpSvc - ok
18:48:03.0815 2816 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\windows\system32\DRIVERS\ss_bbus.sys
18:48:04.0018 2816 ss_bbus - ok
18:48:04.0065 2816 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\windows\system32\DRIVERS\ss_bmdfl.sys
18:48:04.0252 2816 ss_bmdfl - ok
18:48:04.0299 2816 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\windows\system32\DRIVERS\ss_bmdm.sys
18:48:04.0595 2816 ss_bmdm - ok
18:48:04.0642 2816 Steam Client Service - ok
18:48:04.0689 2816 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
18:48:05.0172 2816 stexstor - ok
18:48:05.0266 2816 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:48:05.0687 2816 stisvc - ok
18:48:05.0750 2816 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
18:48:05.0968 2816 storflt - ok
18:48:06.0062 2816 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll
18:48:06.0483 2816 StorSvc - ok
18:48:06.0545 2816 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
18:48:06.0904 2816 storvsc - ok
18:48:06.0935 2816 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
18:48:07.0200 2816 swenum - ok
18:48:07.0278 2816 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:48:07.0762 2816 swprv - ok
18:48:07.0871 2816 [ F3A4EAD0B3946E439F0397F7A4D09952 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
18:48:08.0386 2816 Symantec AntiVirus - ok
18:48:08.0433 2816 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:48:08.0838 2816 SymEvent - ok
18:48:08.0948 2816 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:48:09.0322 2816 SysMain - ok
18:48:09.0400 2816 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:48:09.0821 2816 TabletInputService - ok
18:48:09.0899 2816 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:48:10.0180 2816 TapiSrv - ok
18:48:10.0258 2816 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:48:10.0679 2816 TBS - ok
18:48:10.0820 2816 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:48:11.0132 2816 Tcpip - ok
18:48:11.0241 2816 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:48:11.0506 2816 TCPIP6 - ok
18:48:11.0584 2816 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:48:11.0834 2816 tcpipreg - ok
18:48:11.0912 2816 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:48:12.0114 2816 TDPIPE - ok
18:48:12.0161 2816 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:48:12.0442 2816 TDTCP - ok
18:48:12.0536 2816 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:48:12.0848 2816 tdx - ok
18:48:12.0926 2816 [ EF6CCF8B483201F7196D83FC136FA43A ] Teefer2 C:\windows\system32\DRIVERS\teefer2.sys
18:48:13.0191 2816 Teefer2 - ok
18:48:13.0238 2816 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
18:48:13.0487 2816 TermDD - ok
18:48:13.0550 2816 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:48:13.0877 2816 TermService - ok
18:48:13.0924 2816 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\windows\System32\Drivers\TFsExDisk.sys
18:48:14.0236 2816 TFsExDisk - ok
18:48:14.0314 2816 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:48:14.0579 2816 Themes - ok
18:48:14.0673 2816 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:48:14.0969 2816 THREADORDER - ok
18:48:15.0047 2816 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:48:15.0422 2816 TrkWks - ok
18:48:15.0515 2816 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:48:15.0874 2816 TrustedInstaller - ok
18:48:15.0936 2816 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:48:16.0217 2816 tssecsrv - ok
18:48:16.0295 2816 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:48:16.0560 2816 TsUsbFlt - ok
18:48:16.0638 2816 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:48:16.0919 2816 tunnel - ok
18:48:16.0950 2816 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
18:48:17.0184 2816 uagp35 - ok
18:48:17.0247 2816 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:48:17.0559 2816 udfs - ok
18:48:17.0699 2816 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
18:48:18.0994 2816 UI Assistant Service - ok
18:48:19.0041 2816 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:48:19.0446 2816 UI0Detect - ok
18:48:19.0509 2816 [ 49B13845F0DBE39B47FC91DC46B2170A ] UimBus C:\windows\system32\DRIVERS\uimx64.sys
18:48:19.0743 2816 UimBus - ok
18:48:19.0790 2816 [ DD46BEC773C011EAA5E502C43A73A1CC ] Uim_IM C:\windows\system32\Drivers\Uim_IMx64.sys
18:48:20.0102 2816 Uim_IM - ok
18:48:20.0133 2816 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:48:20.0351 2816 uliagpkx - ok
18:48:20.0398 2816 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
18:48:20.0616 2816 umbus - ok
18:48:20.0679 2816 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
18:48:20.0928 2816 UmPass - ok
18:48:20.0991 2816 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll
18:48:21.0287 2816 UmRdpService - ok
18:48:21.0350 2816 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:48:21.0818 2816 upnphost - ok
18:48:21.0880 2816 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:48:22.0270 2816 upperdev - ok
18:48:22.0332 2816 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
18:48:22.0644 2816 usbaudio - ok
18:48:22.0691 2816 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:48:22.0956 2816 usbccgp - ok
18:48:22.0988 2816 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:48:23.0315 2816 usbcir - ok
18:48:23.0378 2816 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
18:48:23.0658 2816 usbehci - ok
18:48:23.0705 2816 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:48:24.0017 2816 usbhub - ok
18:48:24.0048 2816 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
18:48:24.0282 2816 usbohci - ok
18:48:24.0329 2816 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:48:24.0579 2816 usbprint - ok
18:48:24.0641 2816 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\windows\system32\drivers\usbser.sys
18:48:25.0047 2816 usbser - ok
18:48:25.0078 2816 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys
18:48:25.0468 2816 UsbserFilt - ok
18:48:25.0515 2816 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:48:25.0780 2816 USBSTOR - ok
18:48:25.0827 2816 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:48:26.0076 2816 usbuhci - ok
18:48:26.0154 2816 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:48:26.0466 2816 UxSms - ok
18:48:26.0513 2816 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:48:26.0747 2816 VaultSvc - ok
18:48:26.0778 2816 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:48:26.0997 2816 vdrvroot - ok
18:48:27.0090 2816 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:48:27.0527 2816 vds - ok
18:48:27.0558 2816 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:48:27.0792 2816 vga - ok
18:48:27.0839 2816 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:48:28.0136 2816 VgaSave - ok
18:48:28.0198 2816 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:48:28.0448 2816 vhdmp - ok
18:48:28.0479 2816 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:48:28.0650 2816 viaide - ok
18:48:28.0697 2816 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys
18:48:28.0931 2816 vmbus - ok
18:48:28.0978 2816 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
18:48:29.0415 2816 VMBusHID - ok
18:48:29.0462 2816 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:48:29.0664 2816 volmgr - ok
18:48:29.0742 2816 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:48:30.0008 2816 volmgrx - ok
18:48:30.0086 2816 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:48:30.0366 2816 volsnap - ok
18:48:30.0429 2816 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\windows\system32\DRIVERS\vpchbus.sys
18:48:30.0647 2816 vpcbus - ok
18:48:30.0694 2816 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\windows\system32\DRIVERS\vpcnfltr.sys
18:48:30.0928 2816 vpcnfltr - ok
18:48:30.0975 2816 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\windows\system32\DRIVERS\vpcusb.sys
18:48:31.0256 2816 vpcusb - ok
18:48:31.0318 2816 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\windows\system32\drivers\vpcvmm.sys
18:48:31.0568 2816 vpcvmm - ok
18:48:31.0630 2816 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
18:48:31.0864 2816 vsmraid - ok
18:48:31.0958 2816 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:48:32.0472 2816 VSS - ok
18:48:32.0519 2816 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:48:32.0831 2816 vwifibus - ok
18:48:32.0878 2816 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:48:33.0143 2816 vwififlt - ok
18:48:33.0221 2816 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:48:33.0596 2816 W32Time - ok
18:48:33.0689 2816 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\windows\system32\inetsrv\iisw3adm.dll
18:48:34.0095 2816 W3SVC - ok
18:48:34.0157 2816 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
18:48:34.0454 2816 WacomPen - ok
18:48:34.0516 2816 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:48:34.0875 2816 WANARP - ok
18:48:34.0906 2816 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:48:35.0280 2816 Wanarpv6 - ok
18:48:35.0358 2816 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\windows\system32\inetsrv\iisw3adm.dll
18:48:35.0670 2816 WAS - ok
18:48:35.0795 2816 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
18:48:36.0201 2816 WatAdminSvc - ok
18:48:36.0326 2816 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:48:36.0762 2816 wbengine - ok
18:48:36.0825 2816 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:48:37.0277 2816 WbioSrvc - ok
18:48:37.0386 2816 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:48:37.0839 2816 wcncsvc - ok
18:48:37.0901 2816 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:48:38.0322 2816 WcsPlugInService - ok
18:48:38.0369 2816 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
18:48:38.0744 2816 Wd - ok
18:48:38.0868 2816 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:48:39.0118 2816 Wdf01000 - ok
18:48:39.0196 2816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:48:39.0508 2816 WdiServiceHost - ok
18:48:39.0570 2816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:48:39.0867 2816 WdiSystemHost - ok
18:48:39.0929 2816 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:48:40.0444 2816 WebClient - ok
18:48:40.0538 2816 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:48:41.0006 2816 Wecsvc - ok
18:48:41.0037 2816 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:48:41.0318 2816 wercplsupport - ok
18:48:41.0396 2816 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:48:41.0708 2816 WerSvc - ok
18:48:41.0754 2816 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:48:42.0051 2816 WfpLwf - ok
18:48:42.0098 2816 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:48:42.0519 2816 WIMMount - ok
18:48:42.0566 2816 WinDefend - ok
18:48:42.0659 2816 WinHttpAutoProxySvc - ok
18:48:42.0768 2816 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:48:43.0096 2816 Winmgmt - ok
18:48:43.0205 2816 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:48:43.0767 2816 WinRM - ok
18:48:43.0876 2816 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
18:48:44.0250 2816 WinUsb - ok
18:48:44.0344 2816 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:48:44.0687 2816 Wlansvc - ok
18:48:44.0750 2816 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:48:44.0984 2816 WmiAcpi - ok
18:48:45.0046 2816 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:48:45.0592 2816 wmiApSrv - ok
18:48:45.0654 2816 WMPNetworkSvc - ok
18:48:45.0779 2816 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:48:46.0122 2816 WPCSvc - ok
18:48:46.0169 2816 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:48:46.0559 2816 WPDBusEnum - ok
18:48:46.0637 2816 [ C5CB802D660610D38B3AA0148D5498E1 ] WPS C:\windows\system32\drivers\wpsdrvnt.sys
18:48:46.0824 2816 WPS - ok
18:48:46.0887 2816 [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper C:\windows\system32\drivers\WpsHelper.sys
18:48:47.0308 2816 WpsHelper - ok
18:48:47.0355 2816 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:48:47.0651 2816 ws2ifsl - ok
18:48:47.0729 2816 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
18:48:48.0010 2816 wscsvc - ok
18:48:48.0072 2816 WSearch - ok
18:48:48.0244 2816 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
18:48:48.0821 2816 wuauserv - ok
18:48:48.0899 2816 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:48:49.0118 2816 WudfPf - ok
18:48:49.0180 2816 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:48:49.0492 2816 WUDFRd - ok
18:48:49.0554 2816 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:48:49.0804 2816 wudfsvc - ok
18:48:49.0898 2816 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:48:50.0303 2816 WwanSvc - ok
18:48:50.0397 2816 X6va002 - ok
18:48:50.0444 2816 X6va003 - ok
18:48:50.0475 2816 X6va005 - ok
18:48:50.0522 2816 X6va006 - ok
18:48:50.0553 2816 X6va007 - ok
18:48:50.0693 2816 X6va008 - ok
18:48:50.0709 2816 X6va009 - ok
18:48:50.0756 2816 X6va011 - ok
18:48:50.0818 2816 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:48:51.0083 2816 ZTEusbmdm6k - ok
18:48:51.0130 2816 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
18:48:51.0395 2816 ZTEusbnmea - ok
18:48:51.0442 2816 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
18:48:51.0723 2816 ZTEusbser6k - ok
18:48:51.0816 2816 [ B685EB7AAC37E980E33A84E263D92110 ] ZTEusbwwan C:\windows\system32\DRIVERS\ZTEusbwwan.sys
18:48:52.0035 2816 ZTEusbwwan - ok
18:48:52.0097 2816 ================ Scan global ===============================
18:48:52.0160 2816 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:48:52.0222 2816 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:48:52.0269 2816 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:48:52.0316 2816 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:48:52.0347 2816 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:48:52.0394 2816 [Global] - ok
18:48:52.0394 2816 ================ Scan MBR ==================================
18:48:52.0394 2816 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:53.0330 2816 \Device\Harddisk0\DR0 - ok
18:48:53.0330 2816 ================ Scan VBR ==================================
18:48:53.0345 2816 [ 96D3C70258F5F20CFEF4607E11883C1E ] \Device\Harddisk0\DR0\Partition1
18:48:53.0361 2816 \Device\Harddisk0\DR0\Partition1 - ok
18:48:53.0408 2816 [ 934F804A233CF9197D309FF9F3F42C4B ] \Device\Harddisk0\DR0\Partition2
18:48:53.0423 2816 \Device\Harddisk0\DR0\Partition2 - ok
18:48:53.0423 2816 ============================================================
18:48:53.0423 2816 Scan finished
18:48:53.0439 2816 ============================================================
18:48:53.0470 2764 Detected object count: 2
18:48:53.0470 2764 Actual detected object count: 2
18:50:13.0794 2764 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:13.0794 2764 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:13.0810 2764 MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:13.0810 2764 MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
13.12.2012, 19:30
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Massive Performanceeinbrüche durch Trojan.ADH.2? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 12:31
| #12 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Cosinus, Folgendes hab' ich gemacht: Da ja alle Virenscanner etc. deaktiviert sein sollen, bevor ComboFix gestartet wird, hab ich mbam mit nem Rechtsklick auf das Icon in der Taskleiste und nem Klick auf "Verlassen" beenden wollen. Das hat nen Bluescreen und Neustart d. Rechners verursacht. Als Windows danach wieder komplett gestartet war, hab ich die beiden mbam-Dienste in der Systemsteuerung beendet und deaktiviert. Da trotzdem noch die Prozesse dazu im Taskmanager aktiv waren, hab ich die auch gekickt. Das hat dann funktioniert. ComboFix kann ich nicht ausführen, zumindest nicht, wenn ich Windows normal gestartet habe. Ich führe es als Administrator aus, das Prog. startet und nach dem Punkt, wo die Registry gesichert wird, bekomme ich nach ca. 20 Sek. - 2 Min. einen Bluescreen und der Rechner startet neu. Das passiert jedes Mal. Ich hab noch nicht versucht, ComboFix im abgesicherten Modus zu starten. Gibt es dazu irgendwelche Infos, die ich Dir dazu noch liefern kann (z.B. event viewer logs o.ä.)? Meinst Du, es macht Sinn, überhaupt noch was zu versuchen und Stunde um Stunde Deiner und meiner Zeit zu investieren oder soll ich den Rechner neu aufsetzen? Falls er neu aufgesetzt werden muss, hab ich noch eine Frage: Da ich ein wirklich sauberes System danach haben möchte, werde ich keine Dateien sichern (die Verluste muss ich in Kauf nehmen) und auch kein Recovery durchführen. Mit welchem Programm kann ich die HDD's so plattmachen, dass garantiert nichts mehr drauf sein kann (sag bitte nicht "mit dem LKW"). Nicht mal etwas, was nach einer "normalen" Formatierung noch drauf sein könnte. Sorry, aber ich resigniere.... Bei jedem Win-Start 4 Minuten lang "Windows wird gestartet" anstarren zu müssen und nach 7 Minuten mal was am Rechner öffnen zu können, das dann mit nem Bluescreen endet, macht müde. Gruß schuka |
|
14.12.2012, 13:16
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Massive Performanceeinbrüche durch Trojan.ADH.2? Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. Notfalls combofix im abgesicherten Modus mit Netzwerktreibern.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2012, 16:29
| #14 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Cosinus, das kann ich erst morgen oder übermorgen machen, da ich hier nur mit UMTS-Stick arbeite und nur zuhause WLAN habe (bin Wochenendpendler). Und der UMTS-Stick wird im abgesicherten Modus (auch mit Netzwerktreibern) nicht unterstützt. Schönes Wochenende! Gruß schuka |
|
15.12.2012, 17:27
| #15 |
| | Massive Performanceeinbrüche durch Trojan.ADH.2? Hallo Cosinus, hier das ComboFix-Log. Im abgesicherten Modus hat es funktioniert. Code:
ATTFilter ComboFix 12-12-14.01 - Steff 15.12.2012 15:07:09.1.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4096.2823 [GMT 1:00]
ausgeführt von:: c:\users\Steff\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\~.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-15 bis 2012-12-15 ))))))))))))))))))))))))))))))
.
.
2012-12-15 14:11 . 2012-12-15 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-09 19:05 . 2012-12-09 19:05 -------- d-----w- c:\program files (x86)\ESET
2012-12-08 17:14 . 2012-12-08 17:14 -------- d-----w- c:\users\Steff\AppData\Local\AMD
2012-12-08 17:07 . 2012-12-08 17:07 -------- d-----w- c:\users\Steff\AppData\Roaming\ATI
2012-12-08 17:07 . 2012-12-08 17:07 -------- d-----w- c:\users\Steff\AppData\Local\ATI
2012-12-08 17:07 . 2012-12-08 17:07 -------- d-----w- c:\programdata\ATI
2012-12-08 17:04 . 2012-12-08 17:04 0 ----a-w- c:\windows\ativpsrm.bin
2012-12-08 16:58 . 2012-12-08 16:58 -------- d-----w- c:\program files (x86)\AMD AVT
2012-12-08 16:58 . 2012-12-08 16:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-12-08 16:58 . 2012-12-08 16:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-12-08 16:58 . 2012-12-08 16:58 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-12-08 16:52 . 2012-12-08 16:59 -------- d-----w- c:\programdata\AMD
2012-12-08 16:52 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-12-08 16:48 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-12-08 16:45 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-12-08 16:45 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-12-08 16:43 . 2012-12-08 16:43 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-12-08 16:42 . 2012-12-08 16:42 -------- d-----w- c:\program files\ATI
2012-12-08 16:38 . 2012-12-08 16:56 -------- d-----w- c:\program files\ATI Technologies
2012-12-07 16:07 . 2012-12-07 16:17 -------- d-----w- C:\ubcd-extracted
2012-12-06 20:09 . 2012-12-06 20:09 -------- d-----w- c:\users\Steff\AppData\Local\Apps
2012-12-06 18:16 . 2012-12-06 18:16 -------- d-----w- c:\programdata\Malwarebytes
2012-12-06 18:15 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-06 18:15 . 2012-12-06 18:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:49 . 2009-10-29 18:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-12-05 21:49 . 2009-10-29 18:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-12-05 21:49 . 2009-10-29 18:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-12-05 21:48 . 2012-12-05 22:53 -------- d-----w- c:\program files (x86)\1&1 Surf-Stick
2012-12-05 21:45 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\CONTROL.exe
2012-12-05 21:24 . 2009-10-29 18:28 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-12-05 21:01 . 2012-12-05 21:01 -------- d-----w- c:\users\Steff\AppData\Local\ElevatedDiagnostics
2012-12-05 20:48 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTSGPRS.exe
2012-12-05 20:47 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe
2012-12-05 20:47 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\GPRS.exe
2012-12-05 20:47 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\CONFIG.exe
2012-12-05 20:46 . 2012-09-08 14:47 276992 ----a-w- c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\MWconn.exe
2012-12-05 20:43 . 2012-12-05 21:24 -------- d-----w- C:\MWconn
2012-12-05 09:29 . 2012-12-05 09:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-05 09:29 . 2012-12-05 09:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-04 23:05 . 2012-12-06 18:24 -------- d-----w- c:\users\Steff\AppData\Roaming\dvdcss
2012-12-04 21:23 . 2012-12-04 21:23 -------- d-----w- c:\program files\CCleaner
2012-12-04 19:54 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8129240-89A8-43F5-A40F-C3B6B44CEDFD}\mpengine.dll
2012-12-04 19:01 . 2012-12-04 19:01 -------- d-----w- c:\users\Steff\AppData\Local\Microsoft_Corporation
2012-12-04 18:20 . 2012-12-04 18:20 4891377 ----a-w- c:\windows\SysWow64\~.tmp
2012-12-03 00:13 . 2012-12-03 00:13 289768 ----a-w- c:\windows\system32\javaws.exe
2012-12-03 00:13 . 2012-12-03 00:13 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-03 00:13 . 2012-12-03 00:13 189416 ----a-w- c:\windows\system32\javaw.exe
2012-12-03 00:13 . 2012-12-03 00:13 188904 ----a-w- c:\windows\system32\java.exe
2012-12-03 00:12 . 2012-12-03 00:12 -------- d-----w- c:\program files\Java
2012-11-28 19:48 . 2012-11-28 19:47 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 13:58 . 2011-07-19 19:15 327680 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-03 00:13 . 2012-08-25 16:17 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-03 00:13 . 2012-08-25 16:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-28 19:47 . 2010-06-08 16:47 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 17:57 . 2009-12-13 15:37 66395536 ------w- c:\windows\system32\MRT.exe
2012-10-18 18:25 . 2012-11-14 17:54 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-11-28 17:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 17:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 17:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-08 12:19 . 2012-11-14 18:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-10-08 11:42 . 2012-11-14 18:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-10-08 11:31 . 2012-11-14 18:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 11:24 . 2012-11-14 18:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-10-08 11:23 . 2012-11-14 18:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 11:22 . 2012-11-14 18:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 11:22 . 2012-11-14 18:02 237056 ----a-w- c:\windows\system32\url.dll
2012-10-08 11:20 . 2012-11-14 18:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-10-08 11:18 . 2012-11-14 18:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 11:17 . 2012-11-14 18:02 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 11:17 . 2012-11-14 18:02 816640 ----a-w- c:\windows\system32\jscript.dll
2012-10-08 11:15 . 2012-11-14 18:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-10-08 11:15 . 2012-11-14 18:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-10-08 11:13 . 2012-11-14 18:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-08 11:13 . 2012-11-14 18:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-08 11:09 . 2012-11-14 18:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-10-08 07:56 . 2012-11-14 18:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-10-08 07:48 . 2012-11-14 18:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-10-08 07:47 . 2012-11-14 18:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44 . 2012-11-14 18:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43 . 2012-11-14 18:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-10-08 07:40 . 2012-11-14 18:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-10-05 00:33 . 2011-09-02 13:02 233120 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-10-03 17:56 . 2012-11-14 17:54 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 17:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 17:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 17:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 17:53 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 17:53 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 17:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 17:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 17:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 17:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 17:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 17:53 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 17:53 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-03 14120]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2010-10-03 22040]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 massfilter_hs;massfilter_hs;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 X6va002;X6va002;c:\users\Steff\AppData\Local\Temp\002474E.tmp [x]
R3 X6va003;X6va003;c:\users\Steff\AppData\Local\Temp\0033B21.tmp [x]
R3 X6va005;X6va005;c:\users\Steff\AppData\Local\Temp\005BB53.tmp [x]
R3 X6va006;X6va006;c:\users\Steff\AppData\Local\Temp\006E8C8.tmp [x]
R3 X6va007;X6va007;c:\users\Steff\AppData\Local\Temp\00714C9.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-02 235520]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 MWconn_Internet_0;MWconn_Internet;c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe [2012-09-08 276992]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-03-28 37456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-03 1293824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: An OneNote s&enden - f:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - f:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de
FF - ExtSQL: 2012-10-24 19:47; uriloader@pdf.js; c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\PnkBstrA]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va002]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\002474E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va003]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\0033B21.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va005]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\005BB53.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va006]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\006E8C8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va007]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\00714C9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\0D756077321A70C3E844C138CE981581]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="8.0.50727"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2562336682C91B850AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.66332652_9C28_58B1_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.63E949F6_03BC_5C40_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9876.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9870.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\94FB7165591953C49BDA8F1D56ED52BB\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AB4993037846EA74FAD1A76F80E8BEBD\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\7E577B2224C65CF4E801A9E52375DB49]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="14.0.1468"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-15 15:13:28
ComboFix-quarantined-files.txt 2012-12-15 14:13
.
Vor Suchlauf: 9.730.334.720 Bytes frei
Nach Suchlauf: 9.696.641.024 Bytes frei
.
- - End Of File - - A1D95C9C2E8E6120FF84ADDA538034D8
schuka |
|
| Themen zu Massive Performanceeinbrüche durch Trojan.ADH.2? |
| 100%, 7-zip, error, hewlett packard, install.exe, nodrives, nvidia update, plug-in, registry cleaner, scan, software, starmoney, symantec, system, trojaner, windows |
Linear-Darstellung
