Log Analysis and Evaluation: Windows 7 very slow despite low resource usage
13.10.2013, 16:01  #1
Windows 7 very slow despite low resource usage

Hello, I have a relatively new computer with decent hardware (Core i5, 8 GB RAM) that is very slow for no explicable reason. Booting takes 5 minutes until the PC is usable. Programs generally respond very sluggishly. Basically, the PC is unusably slow. According to Task Manager and Resource Monitor, RAM and CPU are barely loaded, yet the machine is extremely slow. Sophos (provided by my university) is used as AV software. So far, following the guides here in the forum, I have run various scans and made the following changes:

1.) Defragmented the hard disk
2.) Disabled the Windows indexing service and Windows Defender
3.) Uninstalled all the games listed in the logs

None of that helped much. Attached are the requested scans. I have replaced my surname in the logs with XXX. The built-in RAM test found no errors; chkdsk /r aborted somehow ... maybe I have an HDD problem? Thanks in advance to anyone who takes a look at this.

Defogger - defogger-disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:52 on 11/10/2013 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by XXX (administrator) on XXX on 11-10-2013 16:28:26
Running from C:\Users\XXX\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(DigitalPersona, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(ASCOMP Software GmbH) C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\GroupWise\notify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\XXX\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MfeEpePcMonitor] - "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [HPSYSDRV] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {c7a84d49-80e8-11e2-8d8b-806e6f6e6963} - E:\Windows\setup.exe /autorun
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [File Sanitizer] - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-04-15] (Sophos Limited)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2013-04-15] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2013-04-15] (Sophos Limited)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logon_XXX_JGA.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/28
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/28
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
SearchScopes: HKLM - {F0FF9C2E-4823-401F-A2A3-E978FFBF7BD6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - {F0FF9C2E-4823-401F-A2A3-E978FFBF7BD6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
SearchScopes: HKCU - {F0FF9C2E-4823-401F-A2A3-E978FFBF7BD6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 141.35.1.16 141.35.1.80

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mhc29jje.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-09-05] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-12] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-04-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-04-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-04-15] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-04-15] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-04-15] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-04-15] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-05] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-12] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-12] (McAfee, Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-04-15] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-04-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-04-15] (Sophos Plc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 16:28 - 2013-10-11 16:28 - 00000000 ____D C:\FRST
2013-10-11 16:27 - 2013-10-11 16:27 - 01954124 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-10-11 16:26 - 2013-10-11 16:26 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2013-10-11 16:26 - 2013-10-11 16:26 - 00000486 _____ C:\Users\XXX\Downloads\defogger_disable.log
2013-10-11 16:26 - 2013-10-11 16:26 - 00000000 _____ C:\Users\XXX\defogger_reenable
2013-10-11 11:11 - 2013-10-09 20:49 - 00037886 _____ C:\Users\XXX\Desktop\Berufungsverfahren Männer Frauen 2012_2.xlsx
2013-10-09 14:16 - 2013-10-09 14:16 - 00078362 _____ C:\Users\XXX\Downloads\Extras.Txt
2013-10-09 14:15 - 2013-10-09 14:15 - 00069212 _____ C:\Users\XXX\Downloads\OTL.Txt
2013-10-09 13:53 - 2013-10-09 13:53 - 01045226 _____ C:\Users\XXX\Downloads\adwcleaner_3.0.0.6.exe
2013-10-09 13:51 - 2013-10-09 13:47 - 05132072 _____ (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2013-10-09 12:53 - 2013-10-09 12:53 - 00000000 ____D C:\Users\Service\AppData\Local\Adobe
2013-10-09 12:52 - 2013-10-09 12:52 - 00000000 ____D C:\Users\Service\AppData\Local\PDFC
2013-10-09 12:51 - 2013-10-09 12:53 - 00000000 ____D C:\Users\Service\AppData\Roaming\Adobe
2013-10-09 12:51 - 2013-10-09 12:51 - 00001427 _____ C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-09 12:51 - 2013-10-09 12:51 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 12:51 - 2013-10-09 12:51 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-09 12:50 - 2013-10-09 12:50 - 00000000 ____D C:\Users\Service\AppData\Roaming\DigitalPersona
2013-10-09 12:50 - 2013-10-09 12:50 - 00000000 ____D C:\Users\Service\AppData\Local\DigitalPersona
2013-10-09 12:49 - 2013-10-09 12:49 - 00000000 ____D C:\Users\Service\AppData\Local\VirtualStore
2013-10-09 12:47 - 2013-10-09 12:47 - 00000020 ___SH C:\Users\Service\ntuser.ini
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Vorlagen
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Startmenü
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Netzwerkumgebung
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Lokale Einstellungen
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Eigene Dateien
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Druckumgebung
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Documents\Eigene Musik
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Documents\Eigene Bilder
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Local\Verlauf
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Local\Anwendungsdaten
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Anwendungsdaten
2013-10-09 12:46 - 2013-10-09 12:51 - 00000000 ____D C:\Users\Service
2013-10-09 12:46 - 2013-04-16 16:12 - 00000000 ____D C:\Users\Service\AppData\Local\Microsoft Help
2013-10-09 12:46 - 2013-02-27 15:47 - 00002343 _____ C:\Users\Service\Desktop\MSN.lnk
2013-10-09 12:46 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-09 12:46 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-09 11:49 - 2013-10-09 11:49 - 00602112 _____ (OldTimer Tools) C:\Users\XXX\Downloads\otl.exe
2013-10-09 11:38 - 2013-10-09 11:39 - 00000000 ____D C:\Users\XXX\AppData\Local\Sophos
2013-10-09 10:47 - 2013-10-09 11:39 - 00007619 _____ C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
2013-10-01 14:58 - 2013-10-01 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 14:05 - 2013-10-08 12:50 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-17 14:05 - 2013-10-08 12:49 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-12 13:42 - 2013-09-12 13:43 - 00000000 ____D C:\ProgramData\Oracle

==================== One Month Modified Files and Folders =======

2013-10-11 16:28 - 2013-10-11 16:28 - 00000000 ____D C:\FRST
2013-10-11 16:27 - 2013-10-11 16:27 - 01954124 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-10-11 16:26 - 2013-10-11 16:26 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2013-10-11 16:26 - 2013-10-11 16:26 - 00000486 _____ C:\Users\XXX\Downloads\defogger_disable.log
2013-10-11 16:26 - 2013-10-11 16:26 - 00000000 _____ C:\Users\XXX\defogger_reenable
2013-10-11 16:26 - 2013-04-15 20:30 - 00000000 ____D C:\Users\XXX
2013-10-11 16:23 - 2013-02-27 15:21 - 00738328 _____ C:\Windows\system32\perfh007.dat
2013-10-11 16:23 - 2013-02-27 15:21 - 00164790 _____ C:\Windows\system32\perfc007.dat
2013-10-11 16:23 - 2009-07-14 07:13 - 01714290 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 16:17 - 2013-04-15 20:28 - 01931872 _____ C:\Windows\WindowsUpdate.log
2013-10-11 16:10 - 2013-09-06 10:20 - 00156515 _____ C:\Users\XXX\Desktop\Tabellen_Studierende_2012.xlsx
2013-10-11 16:09 - 2013-04-18 16:29 - 00000000 ____D C:\Users\XXX\AppData\Roaming\.oit
2013-10-11 15:38 - 2013-02-27 15:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 03:12 - 2013-04-15 20:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 15:25 - 2013-04-15 21:07 - 00000000 ___RD C:\Users\XXX\Documents\Eigene Dateien
2013-10-09 20:49 - 2013-10-11 11:11 - 00037886 _____ C:\Users\XXX\Desktop\Berufungsverfahren Männer Frauen 2012_2.xlsx
2013-10-09 14:38 - 2013-02-27 15:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 14:38 - 2013-02-27 15:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 14:16 - 2013-10-09 14:16 - 00078362 _____ C:\Users\XXX\Downloads\Extras.Txt
2013-10-09 14:15 - 2013-10-09 14:15 - 00069212 _____ C:\Users\XXX\Downloads\OTL.Txt
2013-10-09 13:53 - 2013-10-09 13:53 - 01045226 _____ C:\Users\XXX\Downloads\adwcleaner_3.0.0.6.exe
2013-10-09 13:47 - 2013-10-09 13:51 - 05132072 _____ (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2013-10-09 13:35 - 2009-07-14 06:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 13:35 - 2009-07-14 06:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 13:20 - 2013-02-27 15:47 - 00000000 ____D C:\ProgramData\PDFC
2013-10-09 13:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 13:17 - 2009-07-14 06:51 - 00044751 _____ C:\Windows\setupact.log
2013-10-09 12:53 - 2013-10-09 12:53 - 00000000 ____D C:\Users\Service\AppData\Local\Adobe
2013-10-09 12:53 - 2013-10-09 12:51 - 00000000 ____D C:\Users\Service\AppData\Roaming\Adobe
2013-10-09 12:52 - 2013-10-09 12:52 - 00000000 ____D C:\Users\Service\AppData\Local\PDFC
2013-10-09 12:51 - 2013-10-09 12:51 - 00001427 _____ C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-09 12:51 - 2013-10-09 12:51 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 12:51 - 2013-10-09 12:51 - 00000000 ___RD C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-09 12:51 - 2013-10-09 12:46 - 00000000 ____D C:\Users\Service
2013-10-09 12:50 - 2013-10-09 12:50 - 00000000 ____D C:\Users\Service\AppData\Roaming\DigitalPersona
2013-10-09 12:50 - 2013-10-09 12:50 - 00000000 ____D C:\Users\Service\AppData\Local\DigitalPersona
2013-10-09 12:49 - 2013-10-09 12:49 - 00000000 ____D C:\Users\Service\AppData\Local\VirtualStore
2013-10-09 12:47 - 2013-10-09 12:47 - 00000020 ___SH C:\Users\Service\ntuser.ini
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Vorlagen
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Startmenü
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Netzwerkumgebung
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Lokale Einstellungen
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Eigene Dateien
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Druckumgebung
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Documents\Eigene Musik
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Documents\Eigene Bilder
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Local\Verlauf
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\AppData\Local\Anwendungsdaten
2013-10-09 12:47 - 2013-10-09 12:47 - 00000000 _SHDL C:\Users\Service\Anwendungsdaten
2013-10-09 12:11 - 2013-08-12 13:18 - 00000000 _____ C:\Windows\system32\vireng.log
2013-10-09 11:56 - 2011-02-11 22:29 - 01691248 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 11:49 - 2013-10-09 11:49 - 00602112 _____ (OldTimer Tools) C:\Users\XXX\Downloads\otl.exe
2013-10-09 11:41 - 2013-08-16 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 11:39 - 2013-10-09 11:38 - 00000000 ____D C:\Users\XXX\AppData\Local\Sophos
2013-10-09 11:39 - 2013-10-09 10:47 - 00007619 _____ C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
2013-10-09 11:14 - 2013-04-15 20:51 - 00002028 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-10-09 11:06 - 2013-04-15 20:43 - 00002156 _____ C:\Users\Public\Desktop\BackUp Maker.lnk
2013-10-09 10:39 - 2013-04-15 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-08 12:50 - 2013-09-17 14:05 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-08 12:49 - 2013-09-17 14:05 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-07 16:45 - 2013-09-06 10:20 - 00066930 _____ C:\Users\XXX\Desktop\Zusammensetzung Gremien.xlsx
2013-10-01 16:06 - 2013-04-15 20:44 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-10-01 14:58 - 2013-10-01 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 11:13 - 2013-04-15 20:33 - 00000000 ____D C:\Users\XXX\AppData\Local\PDFC
2013-09-26 01:46 - 2013-04-15 22:18 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:43 - 2013-09-12 13:42 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 09:46 - 2010-11-21 05:47 - 00303162 _____ C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\bkmakerVV.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-09 17:23

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by XXX at 2013-10-11 16:29:56
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
BackUp Maker (x32 Version: 6.5.0.5)
Bejeweled 3 (x32 Version: 2.2.0.98)
Cake Mania (x32 Version: 2.2.0.98)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Device Access Manager for HP ProtectTools (Version: 7.1.1.0)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Drive Encryption For HP ProtectTools (Version: 7.0.39.32378)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.97)
FATE (x32 Version: 2.2.0.97)
File Sanitizer For HP ProtectTools (x32 Version: 7.0.0.4)
Final Drive Fury (x32 Version: 2.2.0.95)
Fishdom (TM) 2 (x32 Version: 2.2.0.98)
GroupWise (x32 Version: 8.0.2)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Desktop Keyboard (x32 Version: 1.0.0.13)
HP Games (x32 Version: 1.0.2.5)
HP Odometer (x32 Version: 2.10.0000)
HP ProtectTools Security Manager (Version: 7.0.2.1213)
HP Remote Solution (x32 Version: 1.1.14.0)
HP Setup (x32 Version: 9.1.15430.4033)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 11.00.0001)
IBM SPSS Statistics 21 (Version: 21.0.0.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2696)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.6.245)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest II (x32 Version: 2.2.0.97)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
LabelPrint (x32 Version: 2.5.4507)
Mahjongg Artifacts (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
opensource (x32 Version: 1.0.14960.3876)
PDF Complete Corporate Edition (x32 Version: 4.1.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Power2Go (x32 Version: 6.1.6207)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98)
Recovery Manager (x32 Version: 5.5.0.5223)
Skype™ 5.10 (x32 Version: 5.10.116)
Sophos Anti-Virus (x32 Version: 10.2.9)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02)
Torchlight (x32 Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit
Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32) Update Installer for WildTangent Games App (x32) Virtual Families (x32 Version: 2.2.0.98) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) Wedding Dash (x32 Version: 2.2.0.95) WildTangent Games App (HP Games) (x32 Version: 4.0.5.36) Windows NT Messaging (x32) WinZip 16.0 (Version: 16.0.9715) Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {91308333-9ECF-49EB-B464-E3B5A34C7481} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {981EB8B8-7C95-43FA-87AD-05A517D21903} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-06] (Hewlett-Packard Company) Task: {B7DF3257-CE56-4CB8-B988-C0F72AE23426} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] 
(Microsoft Corporation) Task: {CA1C1352-2E3D-428C-99D4-A08A9CAF64D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {CC27DC45-A366-4B3F-A5A0-816C75BC7919} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-24] (CyberLink) Task: {CFB669A9-7BD6-41EF-B082-1E28A908F08F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {D72AB97F-5FB0-4D0C-9B3F-FAAACFC3C000} - System32\Tasks\BackUp_Maker-XXX => C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe [2013-08-23] (ASCOMP Software GmbH) Task: {DC09998E-0BA2-411C-8C8F-426CFCA325F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan Task: {FF9AA9DE-8472-4137-BDA9-AF839672C040} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-04-05 04:46 - 2012-04-05 04:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-07-12 02:23 - 2012-07-12 02:23 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2012-07-12 01:52 - 2012-07-12 01:52 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2012-07-12 02:21 - 2012-07-12 02:21 - 03031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll 2012-07-12 02:26 - 
2012-07-12 02:26 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2012-07-12 02:24 - 2012-07-12 02:24 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll 2012-07-12 01:56 - 2012-07-12 01:56 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2012-07-12 01:57 - 2012-07-12 01:57 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-09-03 15:54 - 2013-09-03 15:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2013-10-01 14:58 - 2013-10-01 14:58 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/10/2013 11:32:30 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7106.5001, Zeitstempel: 0x520b3934 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0dc8fa1c ID des fehlerhaften Prozesses: 0x1008 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime 
Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 Error: (10/09/2013 04:12:33 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . 
Error code = 0x80131f06 Error: (10/09/2013 04:12:33 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 Error: (10/09/2013 04:12:32 PM) (Source: .NET Runtime Optimization Service) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 System errors: ============= Error: (10/11/2013 04:33:50 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (10/11/2013 04:32:35 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:34 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:34 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (10/11/2013 04:32:33 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:32 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:31 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (10/11/2013 04:32:30 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:29 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/11/2013 04:32:28 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Microsoft Office Sessions: ========================= Error: (10/10/2013 11:32:30 AM) (Source: Application Error)(User: ) Description: WINWORD.EXE14.0.7106.5001520b3934unknown0.0.0.000000000c00000050dc8fa1c100801cec5973eb55439C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknowne1ab74b9-318e-11e3-8151-7054d252adfa Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 XamlBuildTask, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (10/09/2013 04:13:01 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . 
Error code = 0x80131f06 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (10/09/2013 04:13:00 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (10/09/2013 04:12:33 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (10/09/2013 04:12:33 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . 
Error code = 0x80131f06 WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Error: (10/09/2013 04:12:32 PM) (Source: .NET Runtime Optimization Service)(User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06 PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8061.06 MB Available physical RAM: 5688.42 MB Total Pagefile: 16120.3 MB Available Pagefile: 13796.98 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.13 GB) (Free:867.68 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:15.19 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive t: (Volume) (Network) (Total:5587.81 GB) (Free:3449.07 GB) NTFS Drive x: (Volume) (Network) (Total:5587.81 GB) (Free:3449.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C51C2B96) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=916 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=100 MB) - (Type=27) ==================== End Of Log ============================ Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-11 17:05:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: k1piqky9.exe; Driver: C:\Users\XXX~1\AppData\Local\Temp\pwryyuob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Windows\Explorer.EXE[2004] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076f523d0 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[2004] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076fcf6c0 8 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[2004] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe7b7490 11 bytes JMP 000007fffe7800d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[1084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Users\XXX\Downloads\Defogger.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Users\XXX\Downloads\Defogger.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2
.text C:\Users\XXX\Downloads\k1piqky9.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075081465 2 bytes [08, 75]
.text C:\Users\XXX\Downloads\k1piqky9.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750814bb 2 bytes [08, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2708:1472] 000007feef5f9688

---- EOF - GMER 2.1 ----

MBAM Quick-Scan
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
XXX :: GA-XXX [Administrator]

11.10.2013 17:18:01
mbam-log-2013-10-11 (17-18-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224925
Laufzeit: 8 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 Run by XXX at 17:09:58 on 2013-10-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8061.6024 [GMT 2:00] . AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\IDT\WDM\Beats64.exe C:\Windows\System32\igfxtray.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web 
Control\swc_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\hkcmd.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: Userinit = userinit.exe
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
StartupFolder: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logon_XXX_JGA.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Notify.lnk - C:\Program Files (x86)\Novell\GroupWise\notify.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: NameServer = 141.35.1.16 141.35.1.80
TCP: Interfaces\{3D0C4769-A2D7-43E2-9AA9-DCAA320134CC} : DHCPNameServer = 141.35.1.16 141.35.1.80
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: DeviceNP - DeviceNP.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mhc29jje.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-6 20024]
R0 MfeEpeOpal;MfeEpeOpal;C:\Windows\System32\drivers\MfeEpeOpal.sys [2012-7-12 90736]
R0 MfeEpePc;MfeEpePc;C:\Windows\System32\drivers\MfeEpePc.sys [2012-7-12 158832]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2013-4-15 154952]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-3-9 372824]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-7-12 1327104]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-2-27 1134624]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2013-4-15 217592]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2013-4-15 159296]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2013-4-15 237048]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2013-4-15 357400]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2013-4-15 2890232]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-6 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-6 791608]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-20 108656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-4-15 2010688]
S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2012-9-5 64832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2012-9-5 477088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2013-4-15 36640]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2013-4-15 25608]
.
=============== Created Last 30 ================
.
2013-10-11 14:32:41 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C3F0E08-7901-406C-A0AD-C1C82B6830DC}\offreg.dll
2013-10-11 14:28:15 -------- d-----w- C:\FRST
2013-10-11 08:21:12 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C3F0E08-7901-406C-A0AD-C1C82B6830DC}\mpengine.dll
2013-10-09 10:34:41 -------- d-----w- C:\Users\XXX\AppData\Local\ElevatedDiagnostics
2013-10-09 09:38:12 -------- d-----w- C:\Users\XXX\AppData\Local\Sophos
2013-09-12 11:42:59 -------- d-----w- C:\ProgramData\Oracle
2013-09-12 11:14:42 18612928 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
2013-10-09 12:38:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:38:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:11:32,87 ===============
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15.04.2013 20:30:05
System Uptime: 11.10.2013 16:41:59 (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD5
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | SOCKET 0 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 867,65 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1,79 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
BackUp Maker
Bejeweled 3
Cake Mania
Chuzzle Deluxe
Cradle of Rome 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools
DirectX for Managed Code Update (Summer 2004)
Drive Encryption For HP ProtectTools
Farm Frenzy
Farmscapes
FATE
File Sanitizer For HP ProtectTools
Final Drive Fury
Fishdom (TM) 2
GroupWise
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Customer Experience Enhancements
HP Desktop Keyboard
HP Games
HP Odometer
HP ProtectTools Security Manager
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
IBM SPSS Statistics 21
Insaniquarium Deluxe
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java 7 Update 21
Java Auto Updater
Jewel Match 3
Jewel Quest II
Jewel Quest Solitaire 2
LabelPrint
Mahjongg Artifacts
Malwarebytes Anti-Malware Version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 de)
Mystery of Mortlake Mansion
opensource
PDF Complete Corporate Edition
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
Power2Go
Ranch Rush 2 - Premium Edition
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Skype™ 5.10
Sophos Anti-Virus
Sophos AutoUpdate
Theft Recovery for HP ProtectTools
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wedding Dash
WildTangent Games App (HP Games)
Windows NT Messaging
WinZip 16.0
Zuma's Revenge
.
==== End Of File ===========================
13.10.2013, 18:00 | #2
/// the machine /// TB-Ausbilder
Hi,
before we dig deeper: uninstall Sophos, reboot, test.
14.10.2013, 12:13 | #3
Hello schrauber,
thanks for the quick reply. I uninstalled Sophos and, lo and behold, there is a noticeable improvement. Strange, I never had any problems with it before. Well, then I'll look around for a different antivirus program.
14.10.2013, 19:49 | #4
/// the machine /// TB-Ausbilder
Just reinstall it, that usually helps.
Regards, schrauber