
Pests of all kinds and how to fight them: Massive performance drops caused by Trojan.ADH.2?

07.12.2012, 22:05   #1
schuka
 
Massive performance drops caused by Trojan.ADH.2?



Hello Boarderliner,

today my SEP11 Auto-Protect reported twice that it had found Trojan.ADH.2. That is a bit odd, because I have been scanning my system with everything possible for days due to extreme performance problems, but nothing had been found so far.

Since 04.11., the boot process has been taking extremely long and my CPU load shoots up to 100% almost permanently even with small applications (e.g. the UMTS connection program), the ping is higher than normal (UMTS, e.g. 230 instead of 120), and in WoT, for example, I get frame rates of 2-10 fps instead of about 40. On the hardware side, I checked my RAM, the CPU and my graphics card with diagnostic tools, and they seem to be OK. I have also already gone through the widely recommended process and service kills, though without much success. The one exception is the Program Compatibility Assistant, which I disabled because it alone had been causing 50% CPU load.

Now my only remaining hope is that the Trojan is the cause and that it can be removed.

Here is the SEP log:

Code:
Filename: qWDqO0OT.exe.part
Risk: Trojan.ADH.2
Action: Cleaned by deletion
Original Location: C:\Users\***\AppData\Local\Temp\
Status: Deleted
Current Location: Quarantine
Logged By: Auto-Protect scan
Action Description: The file was deleted successfully.
Date and Time: 07.12.2012 16:26:24

Filename: BJXlyvgm.exe.part
Risk: Trojan.ADH.2
Action: Cleaned by deletion
Original Location: C:\Users\***\AppData\Local\Temp\
Status: Deleted
Current Location: Quarantine
Logged By: Auto-Protect scan
Action Description: The file was deleted successfully.
Date and Time: 07.12.2012 16:39:25
         

And here is the OTL log from this evening:

Code:
OTL logfile created on: 07.12.2012 20:10:01 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,81% Memory free
12,00 Gb Paging File | 10,56 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,67 Gb Free Space | 11,62% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 348,65 Gb Free Space | 83,62% Space Free | Partition Type: NTFS
 
Computer Name: ***-MA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.01.10 13:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2012.11.13 01:18:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe -- (MWconn_Internet_0)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.10 13:49:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- F:\Teamviewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.10.05 12:24:35 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- F:\StarMoney 7\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010.03.22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.10 13:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.09.15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15)
DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG)
DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: F:\Programme\Firefox\components [2012.11.13 01:18:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.03 00:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.03 00:05:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.11.23 18:09:48 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 23:52:48 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2012.12.06 23:52:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2012.12.06 23:52:48 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2012.12.06 23:52:48 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2012.12.06 23:52:48 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2012.12.06 23:52:46 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2012.12.06 23:52:46 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2012.12.06 23:52:46 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2012.12.06 23:52:46 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2012.12.06 23:52:46 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2012.12.06 23:52:46 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2012.12.06 23:52:46 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2012.12.06 23:52:45 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2012.12.06 23:52:45 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll
[2012.12.06 23:52:45 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2012.12.06 23:52:44 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2012.12.06 23:52:44 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2012.12.06 23:22:10 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll
[2012.12.06 23:22:10 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll
[2012.12.06 23:22:09 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll
[2012.12.06 23:22:08 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll
[2012.12.06 23:22:08 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll
[2012.12.06 23:19:29 | 000,060,776 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2012.12.06 23:19:29 | 000,052,584 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2012.12.06 23:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.12.06 23:09:55 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco64.dll
[2012.12.06 23:09:55 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll
[2012.12.06 23:09:53 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft_Corporation
[2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.07 20:35:59 | 000,013,840 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 20:35:59 | 000,013,840 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 19:39:17 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.07 19:39:17 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.07 19:39:17 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.07 19:39:17 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.07 19:39:16 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.07 19:30:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.07 19:30:20 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\***\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\***\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 20:34:26 | 000,007,643 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\***\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf
[2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.11.13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\wpshelper.sys
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.06 23:52:44 | 000,016,127 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\***\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\***\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\***\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf
[2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\***\RB001.REZ
[2011.01.10 13:49:16 | 000,035,840 | ---- | C] () -- C:\windows\SysWow64\dokan.dll
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,643 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg

< End of report >
         
And the Extras.txt:

Code:
OTL Extras logfile created on: 07.12.2012 20:10:01 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 76,81% Memory free
12,00 Gb Paging File | 10,56 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,67 Gb Free Space | 11,62% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 348,65 Gb Free Space | 83,62% Space Free | Partition Type: NTFS
 
Computer Name: ***-MA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0056BA9B-8546-4D67-B06C-728BEA48E773}" = StarMoney 7.0 S-Edition
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cross Fire_is1" = Cross Fire En
"DokanLibrary" = Dokan Library 0.6.0
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.83
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.02.2012 14:41:38 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 23.02.2012 02:13:50 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 24.02.2012 12:52:01 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 26.02.2012 14:47:02 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.02.2012 14:18:56 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 01.03.2012 12:12:38 | Computer Name = ***-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d9c    Startzeit: 
01ccf7c5f11941a0    Endzeit: 59    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 55db3351-63b9-11e1-9d46-92e9f08d5159  
 
Error - 01.03.2012 15:07:00 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 04.03.2012 18:43:29 | Computer Name = ***-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.03.2012 18:44:34 | Computer Name = ***-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 07.03.2012 02:36:33 | Computer Name = ***-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b10    Startzeit: 
01ccfc2becd87dd0    Endzeit: 70    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 dcd10411-681f-11e1-a445-fddd4e01c7b5  
 
[ System Events ]
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:09:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 07.12.2012 15:29:46 | Computer Name = ***-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

If I somehow didn't post quite correctly, please forgive me, it was a long day. I promise to do better.

Best regards
schuka

Edited by schuka (07.12.2012 at 22:50)

09.12.2012, 18:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
(Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
That is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post the logs you already have!

10.12.2012, 07:13   #3
schuka


Good morning Cosinus,

don't be angry with me: since no reply had come so far and I need the computer for home office today, I have in the meantime uninstalled some programs that I no longer need anyway and deleted files that had been lying around uselessly for ages. I also swapped my graphics card, because various hardware diagnostics showed that it no longer provides 512 MB but only 140 MB (I also tested the card in another computer). It made no difference to performance. I also ran the Eset online scanner, which deleted 3 detections. I don't have any other logs with detections (apart from the ones from SEP and Eset). Oh yes, I also tried to start aswMBR as admin; every time that leads to a bluescreen and thus to an automatic reboot. By the way, the startup screen "Windows wird gestartet" ("Starting Windows") stays up for about 2 minutes at every start.

Eset online scan:

Code:
F:\Videos\X\FreeAudioCDToMP3Converter.exe	Win32/OpenCandy Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
F:\Videos\X\FreeAudioConverter.exe	Win32/OpenCandy Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
F:\Videos\X\OrbitDownloaderSetup.exe	Win32/OpenCandy Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
         
The Malwarebytes services are shown as "Disabled" because I kept getting the message that the trial period had expired. It was just annoying, and I was about to teach my computer to fly anyway. But I'll start the services again right away.

Here is another log from Process Explorer; I hope you can make something of it. The load isn't that high at the moment.

Code:
Process	PID	CPU	Private Bytes	Working Set	Description	Company Name
Interrupts	n/a	46.81	0 K	0 K	Hardware Interrupts and DPCs	
System Idle Process	0	19.43	0 K	24 K		
procexp64.exe	984	20.41	21.772 K	39.784 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com
System	4	7.98	112 K	304 K		
firefox.exe	1492	< 0.01	152.024 K	174.316 K	Firefox	Mozilla Corporation
plugin-container.exe	1500	1.27	5.364 K	11.564 K	Plugin Container for Firefox	Mozilla Corporation
csrss.exe	468	0.63	12.592 K	11.804 K	Client-Server-Laufzeitprozess	Microsoft Corporation
FlashPlayerPlugin_11_5_502_110.exe	1116	1.10	13.184 K	16.260 K	Adobe Flash Player 11.5 r502	Adobe Systems, Inc.
svchost.exe	912	0.53	74.988 K	84.600 K	Hostprozess für Windows-Dienste	Microsoft Corporation
WLanNetService.exe	1244	0.41	2.600 K	7.352 K	AVMWlanService 	AVM Berlin
FlashPlayerPlugin_11_5_502_110.exe	2004	0.16	4.388 K	9.260 K	Adobe Flash Player 11.5 r502	Adobe Systems, Inc.
explorer.exe	692	0.61	24.740 K	41.564 K	Windows-Explorer	Microsoft Corporation
svchost.exe	1088	0.03	14.056 K	16.292 K	Hostprozess für Windows-Dienste	Microsoft Corporation
wininit.exe	476		1.500 K	4.856 K	Windows-Startanwendung	Microsoft Corporation
WmiPrvSE.exe	1828		2.360 K	5.996 K	WMI Provider Host	Microsoft Corporation
winlogon.exe	560	< 0.01	2.736 K	7.320 K	Windows-Anmeldeanwendung	Microsoft Corporation
taskhost.exe	1108	0.01	2.468 K	7.800 K	Hostprozess für Windows-Aufgaben	Microsoft Corporation
svchost.exe	392		1.864 K	5.140 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	880	0.01	11.408 K	17.520 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	944	0.09	15.724 K	27.496 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	1200	< 0.01	6.492 K	7.300 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	704	0.09	4.128 K	9.196 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	788	0.05	3.208 K	7.036 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	2268	0.08	3.240 K	8.544 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	804	0.03	4.800 K	10.588 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	1692		1.468 K	4.264 K	Hostprozess für Windows-Dienste	Microsoft Corporation
svchost.exe	1892		1.760 K	5.320 K	Hostprozess für Windows-Dienste	Microsoft Corporation
smss.exe	280		452 K	1.148 K	Windows-Sitzungs-Manager	Microsoft Corporation
services.exe	552	0.09	4.852 K	8.956 K	Anwendung für Dienste und Controller	Microsoft Corporation
procexp.exe	1544		2.192 K	7.068 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com
mqtgsvc.exe	1556		2.448 K	5.304 K	Message Queuing Trigger Service	Microsoft Corporation
mqsvc.exe	1292	< 0.01	4.204 K	8.300 K	Message Queuing Service	Microsoft Corporation
lsm.exe	604	< 0.01	2.340 K	4.148 K	Lokaler Sitzungs-Manager-Dienst	Microsoft Corporation
lsass.exe	596	0.19	3.712 K	10.100 K	Local Security Authority Process	Microsoft Corporation
dwm.exe	732		1.688 K	5.276 K	Desktopfenster-Manager	Microsoft Corporation
csrss.exe	388	< 0.01	1.920 K	4.316 K	Client-Server-Laufzeitprozess	Microsoft Corporation
         
I'll now comb through my computer for older logs again and post them. I don't have any other logs with detections (apart from the ones from SEP and Eset). I'll also run another OTL scan right away (without any action), since quite a bit has changed on the disk. If scans are needed in the further procedure (which I assume), please let me know early; because of how long they take (Eset took more than 6 hours) I can only let them run at night or start them in the morning before I go to work.

Regards
Schuka

PS: I took the measures mentioned above because time was pressing (home office) and I didn't know when I would get a reply. I also didn't want to get on your nerves too early, because I know that you sacrifice your free time for this. Absolute respect and admiration for your work, your commitment and your motivation!

Hello Cosinus,

first of all, here is the current OTL log (there was no "Extras.txt" this time...?):

Code:
OTL logfile created on: 11.12.2012 01:56:07 - Run 2
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,35% Memory free
12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,83% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,11 Gb Free Space | 87,33% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steff\Desktop\OTL.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2012.12.08 08:27:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe -- (MWconn_Internet_0)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15)
DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG)
DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions
[2012.12.10 07:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.08 00:52:07 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys
[2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation
[2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.12.11 01:41:35 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.11 01:41:35 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.11 01:41:35 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.11 01:41:35 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.11 01:41:35 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 01:28:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.11 01:28:14 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg
[2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf
[2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml
[2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf
[2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg

< End of report >
         

Since you asked me to, I haven't run any more virus scans. I also didn't find any further logs from other scans.

Regards
Steff

Edited by schuka (10.12.2012 at 07:21)

11.12.2012, 18:17   #4
schuka
 

Hello Cosinus,

I accidentally edited my previous post instead of starting a new reply.

First, here is the current OTL log (there was no "Extras.txt" this time...?):

Code:
OTL logfile created on: 11.12.2012 01:56:07 - Run 2
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,35% Memory free
12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,83% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,11 Gb Free Space | 87,33% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.08 10:35:43 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Steff\Desktop\OTL.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010.04.22 23:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.11.20 14:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010.11.20 14:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2012.12.08 08:27:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.08 15:47:54 | 000,276,992 | ---- | M] (Markus B. Weber) [Auto | Stopped] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe -- (MWconn_Internet_0)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.04.22 23:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010.04.16 20:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010.04.01 19:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010.01.25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.09.02 13:57:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.28 09:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 09:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.28 09:52:48 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.04 00:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.04 00:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.09.23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.06.02 15:50:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.04.16 20:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.28 11:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.06.10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2012.09.17 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys -- (NAVEX15)
DRV - [2012.09.17 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys -- (NAVENG)
DRV - [2012.08.15 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.15 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.10.24 16:49:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.03.08 11:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010.03.08 11:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010.03.08 11:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKCU\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKCU\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions
[2012.12.10 07:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.25 00:36:05 | 000,500,402 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.08 00:52:07 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.03 01:25:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys
[2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation
[2012.12.04 19:32:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.03 01:28:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.14 19:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 19:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.14 19:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.14 19:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 19:10:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.14 19:10:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.14 19:10:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2012.11.14 19:10:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2012.11.14 19:10:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.14 19:10:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2012.11.14 19:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2012.11.14 19:10:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2012.11.14 19:10:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2012.11.14 19:10:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2012.11.14 19:10:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2012.11.14 19:10:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2012.11.14 19:10:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2012.11.14 19:10:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2012.11.14 19:10:10 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2012.11.14 19:10:10 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2012.11.14 19:10:10 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2012.11.14 19:10:09 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2012.11.14 19:10:09 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2012.11.14 19:10:09 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012.11.14 19:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.14 19:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.14 19:02:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.14 19:02:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.14 19:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.14 19:02:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.14 19:02:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.14 19:02:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.14 19:02:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.14 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.14 19:02:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.14 19:02:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.14 19:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.14 19:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.14 19:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.14 18:57:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.14 18:56:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 18:56:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.14 18:56:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.14 18:54:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll
[2012.11.14 18:54:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll
[2012.11.14 18:54:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll
[2012.11.14 18:54:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll
[2012.11.14 18:54:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll
[2012.11.14 18:54:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe
[2012.11.14 18:54:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe
[2012.11.14 18:54:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll
[2012.11.14 18:54:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll
[2012.11.14 18:54:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll
[2012.11.14 18:54:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll
[2012.11.14 18:54:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll
[2012.11.14 18:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.14 18:53:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.14 18:53:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.14 18:53:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.14 18:53:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.14 18:53:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.11.14 18:53:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012.11.14 18:53:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.14 18:53:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.14 18:53:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.14 18:53:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.12.11 01:41:35 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.11 01:41:35 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.11 01:41:35 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.11 01:41:35 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.11 01:41:35 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 01:37:08 | 000,013,456 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 01:28:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.11 01:28:14 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg
[2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | M] () -- C:\windows\SysWow64\~.inf
[2012.12.03 01:25:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012.11.14 19:26:48 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml
[2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.04 19:20:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\~.inf
[2012.11.14 19:11:17 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 18:56:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg

< End of report >
         


Since you asked me to, I have not run any more virus scans. I also did not find any further logs from other scans.

Regards
Steff

Alt 11.12.2012, 21:13   #5
cosinus



So what about the logs from Malwarebytes?!
The program is NOT uninstalled, after all!

???

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 12.12.2012, 07:42   #6
schuka
 



Hello Cosinus,

here is the mb log from last night:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steff :: STEFF-MA [Administrator]

12.12.2012 02:01:07
mbam-log-2012-12-12 (02-01-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346676
Laufzeit: 5 Stunde(n), 40 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Oh yes, there was in fact one more mb log, from a scan I ran right after the installation. Compared with today's scan duration (5 hrs 40 min), this one went really fast (51 min 16 sec), even though more files were scanned.

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steff :: STEFF-MA [Administrator]

Schutz: Aktiviert

13.11.2012 01:47:57
mbam-log-2012-11-13 (01-47-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359888
Laufzeit: 51 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Edited by schuka (12.12.2012 at 07:49)

Alt 12.12.2012, 12:40   #7
cosinus



Why are you running new scans?! What part of this did you not understand:

Quote:
Please do not run any new virus scans; first just post the logs that already exist!


So do you have older logs of Malwarebytes detections or not?!

Alt 12.12.2012, 18:28   #8
schuka
 



In my last reply you can see an mb log from 13.11., and it shows no detection. I also never wrote that mb had ever found anything. And I only noticed the older log after I ran mb last night, because I had moved the log to a separate folder and deleted the entry in the log files tab. After all, mb had not found anything. But as I already wrote on 10.12., I have no further logs with detections apart from those from SEP and Eset, which I have already attached.

Alt 13.12.2012, 12:15   #9
cosinus



Quote:
In my last reply you can see an mb log from 13.11.
OK, the date format tripped me up


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deletion of log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.



2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!


Alt 13.12.2012, 18:09   #10
schuka
 



Here are the two logs from aswMBR and TDSSKiller.

There were problems with aswMBR.
I ran aswMBR as administrator, then the avast! virus definitions were downloaded. When that was done, I clicked Scan. AV scan was set to Quick Scan by default. A bluescreen appeared immediately and the computer restarted. After that I let Windows start normally and ran aswMBR as admin again, which again resulted in a bluescreen. Then I started Windows in safe mode, ran aswMBR as admin, left Quick Scan selected and clicked Scan. After about 2 minutes the error message "avast! Antirootkit funktioniert nicht mehr" ("avast! Antirootkit has stopped working") appeared. I closed aswMBR, ran it again as admin, changed AV Scan to "none" and scanned (still in safe mode).

After restarting the computer in "normal" mode, I then ran TDSSKiller as admin. It ran through without problems.

And now the logs.

aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-13 18:30:48
-----------------------------
18:30:48.908    OS Version: Windows x64 6.1.7601 Service Pack 1
18:30:48.908    Number of processors: 2 586 0x6B02
18:30:48.923    ComputerName: STEFF-MA  UserName: Steff
18:30:50.280    Initialize success
18:30:58.767    AVAST engine defs: 12121301
18:31:11.777    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000080
18:31:11.793    Disk 0 Vendor: ST350041 CV12 Size: 476938MB BusType: 3
18:31:11.793    Disk 0 MBR read successfully
18:31:11.808    Disk 0 MBR scan
18:31:11.824    Disk 0 Windows 7 default MBR code
18:31:11.824    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        49999 MB offset 63
18:31:11.824    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       426938 MB offset 102398310
18:31:11.855    Disk 0 scanning C:\windows\system32\drivers
18:31:25.599    Service scanning
18:31:43.898    Modules scanning
18:31:43.898    Disk 0 trace - called modules:
18:31:43.929    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
18:31:43.929    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041e4740]
18:31:43.929    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80036f9e40]
18:31:43.929    5 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\00000080[0xfffffa80036f7060]
18:31:43.944    Scan finished successfully
18:32:06.798    Disk 0 MBR has been saved successfully to "C:\Users\Steff\Documents\Trojaner-Board\MBR.dat"
18:32:06.814    The log file has been saved successfully to "C:\Users\Steff\Documents\Trojaner-Board\aswMBR.txt"
         
TDSSKiller:

Code:
18:44:37.0774 2784  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:44:39.0811 2784  ============================================================
18:44:39.0811 2784  Current date / time: 2012/12/13 18:44:39.0811
18:44:39.0811 2784  SystemInfo:
18:44:39.0821 2784  
18:44:39.0821 2784  OS Version: 6.1.7601 ServicePack: 1.0
18:44:39.0821 2784  Product type: Workstation
18:44:39.0821 2784  ComputerName: STEFF-MA
18:44:39.0821 2784  UserName: Steff
18:44:39.0821 2784  Windows directory: C:\windows
18:44:39.0821 2784  System windows directory: C:\windows
18:44:39.0821 2784  Running under WOW64
18:44:39.0821 2784  Processor architecture: Intel x64
18:44:39.0821 2784  Number of processors: 2
18:44:39.0821 2784  Page size: 0x1000
18:44:39.0821 2784  Boot type: Normal boot
18:44:39.0821 2784  ============================================================
18:44:47.0208 2784  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:47.0271 2784  ============================================================
18:44:47.0286 2784  \Device\Harddisk0\DR0:
18:44:47.0286 2784  MBR partitions:
18:44:47.0286 2784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
18:44:47.0286 2784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x341DD2DB
18:44:47.0286 2784  ============================================================
18:44:47.0318 2784  C: <-> \Device\Harddisk0\DR0\Partition1
18:44:47.0364 2784  F: <-> \Device\Harddisk0\DR0\Partition2
18:44:47.0380 2784  ============================================================
18:44:47.0380 2784  Initialize success
18:44:47.0380 2784  ============================================================
18:45:08.0003 2816  ============================================================
18:45:08.0003 2816  Scan started
18:45:08.0003 2816  Mode: Manual; SigCheck; TDLFS; 
18:45:08.0003 2816  ============================================================
18:45:09.0704 2816  ================ Scan system memory ========================
18:45:09.0704 2816  System memory - ok
18:45:09.0704 2816  ================ Scan services =============================
18:45:10.0203 2816  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:45:11.0856 2816  1394ohci - ok
18:45:11.0934 2816  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:45:12.0231 2816  ACPI - ok
18:45:12.0293 2816  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
18:45:12.0886 2816  AcpiPmi - ok
18:45:12.0980 2816  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
18:45:13.0401 2816  adp94xx - ok
18:45:13.0463 2816  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
18:45:13.0869 2816  adpahci - ok
18:45:13.0900 2816  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
18:45:14.0290 2816  adpu320 - ok
18:45:14.0368 2816  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
18:45:15.0086 2816  AeLookupSvc - ok
18:45:15.0195 2816  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
18:45:15.0538 2816  AFD - ok
18:45:15.0600 2816  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
18:45:15.0975 2816  agp440 - ok
18:45:16.0037 2816  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
18:45:16.0287 2816  ALG - ok
18:45:16.0349 2816  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
18:45:16.0708 2816  aliide - ok
18:45:16.0770 2816  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
18:45:17.0363 2816  AMD External Events Utility - ok
18:45:17.0441 2816  AMD FUEL Service - ok
18:45:17.0472 2816  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
18:45:17.0909 2816  amdide - ok
18:45:17.0987 2816  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\windows\system32\DRIVERS\amdiox64.sys
18:45:18.0611 2816  amdiox64 - ok
18:45:18.0689 2816  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
18:45:18.0970 2816  AmdK8 - ok
18:45:19.0391 2816  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
18:45:19.0968 2816  amdkmdag - ok
18:45:20.0046 2816  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
18:45:20.0296 2816  amdkmdap - ok
18:45:20.0343 2816  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
18:45:20.0748 2816  AmdPPM - ok
18:45:20.0795 2816  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
18:45:21.0154 2816  amdsata - ok
18:45:21.0216 2816  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
18:45:21.0575 2816  amdsbs - ok
18:45:21.0622 2816  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
18:45:21.0840 2816  amdxata - ok
18:45:21.0934 2816  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\windows\system32\inetsrv\apphostsvc.dll
18:45:22.0340 2816  AppHostSvc - ok
18:45:22.0433 2816  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
18:45:23.0010 2816  AppID - ok
18:45:23.0057 2816  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:45:23.0619 2816  AppIDSvc - ok
18:45:23.0697 2816  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
18:45:23.0993 2816  Appinfo - ok
18:45:24.0056 2816  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
18:45:24.0570 2816  AppMgmt - ok
18:45:24.0633 2816  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
18:45:25.0101 2816  arc - ok
18:45:25.0148 2816  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
18:45:25.0538 2816  arcsas - ok
18:45:25.0678 2816  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:45:26.0006 2816  AsyncMac - ok
18:45:26.0052 2816  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
18:45:26.0255 2816  atapi - ok
18:45:26.0349 2816  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
18:45:26.0630 2816  AtiHDAudioService - ok
18:45:26.0739 2816  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:45:27.0113 2816  AudioEndpointBuilder - ok
18:45:27.0207 2816  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:45:27.0534 2816  AudioSrv - ok
18:45:27.0659 2816  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
18:45:28.0860 2816  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:45:28.0860 2816  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:45:28.0938 2816  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\windows\system32\drivers\avmeject.sys
18:45:29.0282 2816  avmeject - ok
18:45:29.0375 2816  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:45:29.0828 2816  AxInstSV - ok
18:45:29.0906 2816  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
18:45:30.0311 2816  b06bdrv - ok
18:45:30.0342 2816  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:45:30.0764 2816  b57nd60a - ok
18:45:30.0842 2816  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
18:45:31.0325 2816  BDESVC - ok
18:45:31.0388 2816  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
18:45:31.0668 2816  Beep - ok
18:45:31.0778 2816  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
18:45:32.0121 2816  BFE - ok
18:45:32.0230 2816  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
18:45:32.0558 2816  BITS - ok
18:45:32.0636 2816  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:45:32.0916 2816  blbdrive - ok
18:45:32.0963 2816  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:45:33.0228 2816  bowser - ok
18:45:33.0275 2816  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
18:45:33.0759 2816  BrFiltLo - ok
18:45:33.0821 2816  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
18:45:34.0133 2816  BrFiltUp - ok
18:45:34.0180 2816  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
18:45:34.0632 2816  BridgeMP - ok
18:45:34.0726 2816  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
18:45:35.0085 2816  Browser - ok
18:45:35.0147 2816  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
18:45:35.0834 2816  Brserid - ok
18:45:35.0865 2816  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:45:36.0255 2816  BrSerWdm - ok
18:45:36.0286 2816  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:45:36.0692 2816  BrUsbMdm - ok
18:45:36.0723 2816  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:45:37.0097 2816  BrUsbSer - ok
18:45:37.0128 2816  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
18:45:37.0550 2816  BTHMODEM - ok
18:45:37.0643 2816  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
18:45:38.0064 2816  bthserv - ok
18:45:38.0142 2816  [ 260A069F403DA226D18C058AD14FD3A3 ] ccEvtMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
18:45:38.0626 2816  ccEvtMgr - ok
18:45:38.0704 2816  [ 260A069F403DA226D18C058AD14FD3A3 ] ccSetMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
18:45:39.0000 2816  ccSetMgr - ok
18:45:39.0063 2816  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:45:39.0500 2816  cdfs - ok
18:45:39.0562 2816  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
18:45:40.0030 2816  cdrom - ok
18:45:40.0108 2816  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
18:45:40.0404 2816  CertPropSvc - ok
18:45:40.0451 2816  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
18:45:40.0841 2816  circlass - ok
18:45:40.0888 2816  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
18:45:41.0200 2816  CLFS - ok
18:45:41.0309 2816  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:42.0308 2816  clr_optimization_v2.0.50727_32 - ok
18:45:42.0464 2816  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:45:42.0869 2816  clr_optimization_v2.0.50727_64 - ok
18:45:43.0010 2816  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:43.0259 2816  clr_optimization_v4.0.30319_32 - ok
18:45:43.0337 2816  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:45:43.0634 2816  clr_optimization_v4.0.30319_64 - ok
18:45:43.0696 2816  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:45:44.0086 2816  CmBatt - ok
18:45:44.0133 2816  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:45:44.0445 2816  cmdide - ok
18:45:44.0507 2816  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
18:45:44.0772 2816  CNG - ok
18:45:44.0819 2816  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
18:45:45.0178 2816  Compbatt - ok
18:45:45.0225 2816  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
18:45:45.0552 2816  CompositeBus - ok
18:45:45.0599 2816  COMSysApp - ok
18:45:45.0677 2816  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
18:45:46.0130 2816  crcdisk - ok
18:45:46.0208 2816  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:45:46.0520 2816  CryptSvc - ok
18:45:46.0644 2816  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
18:45:47.0003 2816  CSC - ok
18:45:47.0081 2816  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
18:45:47.0440 2816  CscService - ok
18:45:47.0580 2816  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
18:45:47.0986 2816  DcomLaunch - ok
18:45:48.0048 2816  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
18:45:48.0563 2816  defragsvc - ok
18:45:48.0610 2816  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:45:48.0906 2816  DfsC - ok
18:45:48.0969 2816  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
18:45:49.0312 2816  Dhcp - ok
18:45:49.0359 2816  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
18:45:49.0671 2816  discache - ok
18:45:49.0718 2816  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
18:45:49.0983 2816  Disk - ok
18:45:50.0076 2816  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:45:50.0357 2816  Dnscache - ok
18:45:50.0466 2816  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
18:45:50.0763 2816  dot3svc - ok
18:45:50.0888 2816  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
18:45:51.0231 2816  DPS - ok
18:45:51.0293 2816  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
18:45:51.0699 2816  drmkaud - ok
18:45:51.0808 2816  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
18:45:52.0120 2816  DXGKrnl - ok
18:45:52.0151 2816  EagleX64 - ok
18:45:52.0214 2816  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
18:45:52.0494 2816  EapHost - ok
18:45:52.0650 2816  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
18:45:53.0212 2816  ebdrv - ok
18:45:53.0290 2816  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:45:53.0477 2816  eeCtrl - ok
18:45:53.0540 2816  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
18:45:53.0852 2816  EFS - ok
18:45:53.0898 2816  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
18:45:54.0413 2816  elxstor - ok
18:45:54.0460 2816  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:45:54.0725 2816  EraserUtilRebootDrv - ok
18:45:54.0756 2816  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
18:45:55.0146 2816  ErrDev - ok
18:45:55.0271 2816  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
18:45:55.0661 2816  EventSystem - ok
18:45:55.0708 2816  ewusbnet - ok
18:45:55.0770 2816  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
18:45:56.0207 2816  exfat - ok
18:45:56.0285 2816  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
18:45:56.0862 2816  fastfat - ok
18:45:56.0940 2816  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
18:45:57.0268 2816  Fax - ok
18:45:57.0299 2816  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
18:45:57.0830 2816  fdc - ok
18:45:57.0892 2816  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
18:45:58.0188 2816  fdPHost - ok
18:45:58.0235 2816  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
18:45:58.0703 2816  FDResPub - ok
18:45:58.0781 2816  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
18:45:59.0031 2816  FileInfo - ok
18:45:59.0124 2816  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
18:45:59.0577 2816  Filetrace - ok
18:46:43.0335 2816  [ 4897B109276C61FB34C9B50F342C12D3 ] MWconn_Internet_0 C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe
18:47:03.0896 2816  MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - warning
18:47:03.0896 2816  MWconn_Internet_0 - detected UnsignedFile.Multi.Generic (1)
18:48:07.0762 2816  swprv - ok
18:48:07.0871 2816  [ F3A4EAD0B3946E439F0397F7A4D09952 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
18:48:08.0386 2816  Symantec AntiVirus - ok
18:48:08.0433 2816  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:48:08.0838 2816  SymEvent - ok
18:48:08.0948 2816  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
18:48:09.0322 2816  SysMain - ok
18:48:09.0400 2816  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:48:09.0821 2816  TabletInputService - ok
18:48:09.0899 2816  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
18:48:10.0180 2816  TapiSrv - ok
18:48:10.0258 2816  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
18:48:10.0679 2816  TBS - ok
18:48:10.0820 2816  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
18:48:11.0132 2816  Tcpip - ok
18:48:11.0241 2816  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
18:48:11.0506 2816  TCPIP6 - ok
18:48:11.0584 2816  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
18:48:11.0834 2816  tcpipreg - ok
18:48:11.0912 2816  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
18:48:12.0114 2816  TDPIPE - ok
18:48:12.0161 2816  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
18:48:12.0442 2816  TDTCP - ok
18:48:12.0536 2816  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
18:48:12.0848 2816  tdx - ok
18:48:12.0926 2816  [ EF6CCF8B483201F7196D83FC136FA43A ] Teefer2         C:\windows\system32\DRIVERS\teefer2.sys
18:48:13.0191 2816  Teefer2 - ok
18:48:13.0238 2816  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
18:48:13.0487 2816  TermDD - ok
18:48:13.0550 2816  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
18:48:13.0877 2816  TermService - ok
18:48:13.0924 2816  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\windows\System32\Drivers\TFsExDisk.sys
18:48:14.0236 2816  TFsExDisk - ok
18:48:14.0314 2816  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
18:48:14.0579 2816  Themes - ok
18:48:14.0673 2816  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
18:48:14.0969 2816  THREADORDER - ok
18:48:15.0047 2816  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
18:48:15.0422 2816  TrkWks - ok
18:48:15.0515 2816  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:48:15.0874 2816  TrustedInstaller - ok
18:48:15.0936 2816  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
18:48:16.0217 2816  tssecsrv - ok
18:48:16.0295 2816  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
18:48:16.0560 2816  TsUsbFlt - ok
18:48:16.0638 2816  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
18:48:16.0919 2816  tunnel - ok
18:48:16.0950 2816  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
18:48:17.0184 2816  uagp35 - ok
18:48:17.0247 2816  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
18:48:17.0559 2816  udfs - ok
18:48:17.0699 2816  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
18:48:18.0994 2816  UI Assistant Service - ok
18:48:19.0041 2816  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
18:48:19.0446 2816  UI0Detect - ok
18:48:19.0509 2816  [ 49B13845F0DBE39B47FC91DC46B2170A ] UimBus          C:\windows\system32\DRIVERS\uimx64.sys
18:48:19.0743 2816  UimBus - ok
18:48:19.0790 2816  [ DD46BEC773C011EAA5E502C43A73A1CC ] Uim_IM          C:\windows\system32\Drivers\Uim_IMx64.sys
18:48:20.0102 2816  Uim_IM - ok
18:48:20.0133 2816  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
18:48:20.0351 2816  uliagpkx - ok
18:48:20.0398 2816  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
18:48:20.0616 2816  umbus - ok
18:48:20.0679 2816  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
18:48:20.0928 2816  UmPass - ok
18:48:20.0991 2816  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
18:48:21.0287 2816  UmRdpService - ok
18:48:21.0350 2816  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
18:48:21.0818 2816  upnphost - ok
18:48:21.0880 2816  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:48:22.0270 2816  upperdev - ok
18:48:22.0332 2816  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
18:48:22.0644 2816  usbaudio - ok
18:48:22.0691 2816  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
18:48:22.0956 2816  usbccgp - ok
18:48:22.0988 2816  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
18:48:23.0315 2816  usbcir - ok
18:48:23.0378 2816  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
18:48:23.0658 2816  usbehci - ok
18:48:23.0705 2816  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
18:48:24.0017 2816  usbhub - ok
18:48:24.0048 2816  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
18:48:24.0282 2816  usbohci - ok
18:48:24.0329 2816  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
18:48:24.0579 2816  usbprint - ok
18:48:24.0641 2816  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\windows\system32\drivers\usbser.sys
18:48:25.0047 2816  usbser - ok
18:48:25.0078 2816  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys
18:48:25.0468 2816  UsbserFilt - ok
18:48:25.0515 2816  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
18:48:25.0780 2816  USBSTOR - ok
18:48:25.0827 2816  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
18:48:26.0076 2816  usbuhci - ok
18:48:26.0154 2816  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
18:48:26.0466 2816  UxSms - ok
18:48:26.0513 2816  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
18:48:26.0747 2816  VaultSvc - ok
18:48:26.0778 2816  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
18:48:26.0997 2816  vdrvroot - ok
18:48:27.0090 2816  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
18:48:27.0527 2816  vds - ok
18:48:27.0558 2816  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
18:48:27.0792 2816  vga - ok
18:48:27.0839 2816  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
18:48:28.0136 2816  VgaSave - ok
18:48:28.0198 2816  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
18:48:28.0448 2816  vhdmp - ok
18:48:28.0479 2816  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
18:48:28.0650 2816  viaide - ok
18:48:28.0697 2816  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
18:48:28.0931 2816  vmbus - ok
18:48:28.0978 2816  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
18:48:29.0415 2816  VMBusHID - ok
18:48:29.0462 2816  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
18:48:29.0664 2816  volmgr - ok
18:48:29.0742 2816  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
18:48:30.0008 2816  volmgrx - ok
18:48:30.0086 2816  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
18:48:30.0366 2816  volsnap - ok
18:48:30.0429 2816  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
18:48:30.0647 2816  vpcbus - ok
18:48:30.0694 2816  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
18:48:30.0928 2816  vpcnfltr - ok
18:48:30.0975 2816  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
18:48:31.0256 2816  vpcusb - ok
18:48:31.0318 2816  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
18:48:31.0568 2816  vpcvmm - ok
18:48:31.0630 2816  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
18:48:31.0864 2816  vsmraid - ok
18:48:31.0958 2816  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
18:48:32.0472 2816  VSS - ok
18:48:32.0519 2816  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:48:32.0831 2816  vwifibus - ok
18:48:32.0878 2816  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:48:33.0143 2816  vwififlt - ok
18:48:33.0221 2816  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
18:48:33.0596 2816  W32Time - ok
18:48:33.0689 2816  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\windows\system32\inetsrv\iisw3adm.dll
18:48:34.0095 2816  W3SVC - ok
18:48:34.0157 2816  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
18:48:34.0454 2816  WacomPen - ok
18:48:34.0516 2816  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:48:34.0875 2816  WANARP - ok
18:48:34.0906 2816  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:48:35.0280 2816  Wanarpv6 - ok
18:48:35.0358 2816  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\windows\system32\inetsrv\iisw3adm.dll
18:48:35.0670 2816  WAS - ok
18:48:35.0795 2816  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
18:48:36.0201 2816  WatAdminSvc - ok
18:48:36.0326 2816  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
18:48:36.0762 2816  wbengine - ok
18:48:36.0825 2816  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:48:37.0277 2816  WbioSrvc - ok
18:48:37.0386 2816  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
18:48:37.0839 2816  wcncsvc - ok
18:48:37.0901 2816  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:48:38.0322 2816  WcsPlugInService - ok
18:48:38.0369 2816  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
18:48:38.0744 2816  Wd - ok
18:48:38.0868 2816  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:48:39.0118 2816  Wdf01000 - ok
18:48:39.0196 2816  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:48:39.0508 2816  WdiServiceHost - ok
18:48:39.0570 2816  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
18:48:39.0867 2816  WdiSystemHost - ok
18:48:39.0929 2816  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
18:48:40.0444 2816  WebClient - ok
18:48:40.0538 2816  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:48:41.0006 2816  Wecsvc - ok
18:48:41.0037 2816  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
18:48:41.0318 2816  wercplsupport - ok
18:48:41.0396 2816  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
18:48:41.0708 2816  WerSvc - ok
18:48:41.0754 2816  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:48:42.0051 2816  WfpLwf - ok
18:48:42.0098 2816  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:48:42.0519 2816  WIMMount - ok
18:48:42.0566 2816  WinDefend - ok
18:48:42.0659 2816  WinHttpAutoProxySvc - ok
18:48:42.0768 2816  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
18:48:43.0096 2816  Winmgmt - ok
18:48:43.0205 2816  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
18:48:43.0767 2816  WinRM - ok
18:48:43.0876 2816  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
18:48:44.0250 2816  WinUsb - ok
18:48:44.0344 2816  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
18:48:44.0687 2816  Wlansvc - ok
18:48:44.0750 2816  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
18:48:44.0984 2816  WmiAcpi - ok
18:48:45.0046 2816  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:48:45.0592 2816  wmiApSrv - ok
18:48:45.0654 2816  WMPNetworkSvc - ok
18:48:45.0779 2816  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:48:46.0122 2816  WPCSvc - ok
18:48:46.0169 2816  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:48:46.0559 2816  WPDBusEnum - ok
18:48:46.0637 2816  [ C5CB802D660610D38B3AA0148D5498E1 ] WPS             C:\windows\system32\drivers\wpsdrvnt.sys
18:48:46.0824 2816  WPS - ok
18:48:46.0887 2816  [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper       C:\windows\system32\drivers\WpsHelper.sys
18:48:47.0308 2816  WpsHelper - ok
18:48:47.0355 2816  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
18:48:47.0651 2816  ws2ifsl - ok
18:48:47.0729 2816  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
18:48:48.0010 2816  wscsvc - ok
18:48:48.0072 2816  WSearch - ok
18:48:48.0244 2816  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
18:48:48.0821 2816  wuauserv - ok
18:48:48.0899 2816  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:48:49.0118 2816  WudfPf - ok
18:48:49.0180 2816  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:48:49.0492 2816  WUDFRd - ok
18:48:49.0554 2816  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
18:48:49.0804 2816  wudfsvc - ok
18:48:49.0898 2816  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
18:48:50.0303 2816  WwanSvc - ok
18:48:50.0397 2816  X6va002 - ok
18:48:50.0444 2816  X6va003 - ok
18:48:50.0475 2816  X6va005 - ok
18:48:50.0522 2816  X6va006 - ok
18:48:50.0553 2816  X6va007 - ok
18:48:50.0693 2816  X6va008 - ok
18:48:50.0709 2816  X6va009 - ok
18:48:50.0756 2816  X6va011 - ok
18:48:50.0818 2816  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:48:51.0083 2816  ZTEusbmdm6k - ok
18:48:51.0130 2816  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
18:48:51.0395 2816  ZTEusbnmea - ok
18:48:51.0442 2816  [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
18:48:51.0723 2816  ZTEusbser6k - ok
18:48:51.0816 2816  [ B685EB7AAC37E980E33A84E263D92110 ] ZTEusbwwan      C:\windows\system32\DRIVERS\ZTEusbwwan.sys
18:48:52.0035 2816  ZTEusbwwan - ok
18:48:52.0097 2816  ================ Scan global ===============================
18:48:52.0160 2816  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:48:52.0222 2816  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:48:52.0269 2816  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:48:52.0316 2816  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:48:52.0347 2816  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:48:52.0394 2816  [Global] - ok
18:48:52.0394 2816  ================ Scan MBR ==================================
18:48:52.0394 2816  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:48:53.0330 2816  \Device\Harddisk0\DR0 - ok
18:48:53.0330 2816  ================ Scan VBR ==================================
18:48:53.0345 2816  [ 96D3C70258F5F20CFEF4607E11883C1E ] \Device\Harddisk0\DR0\Partition1
18:48:53.0361 2816  \Device\Harddisk0\DR0\Partition1 - ok
18:48:53.0408 2816  [ 934F804A233CF9197D309FF9F3F42C4B ] \Device\Harddisk0\DR0\Partition2
18:48:53.0423 2816  \Device\Harddisk0\DR0\Partition2 - ok
18:48:53.0423 2816  ============================================================
18:48:53.0423 2816  Scan finished
18:48:53.0439 2816  ============================================================
18:48:53.0470 2764  Detected object count: 2
18:48:53.0470 2764  Actual detected object count: 2
18:50:13.0794 2764  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:13.0794 2764  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:50:13.0810 2764  MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:13.0810 2764  MWconn_Internet_0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Old 13.12.2012, 18:30   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 14.12.2012, 11:31   #12
schuka
 



Hello Cosinus,

Here is what I did:

Since all virus scanners etc. are supposed to be deactivated before ComboFix is started, I tried to close mbam by right-clicking the icon in the taskbar and clicking "Exit". That caused a bluescreen and a restart of the computer. Once Windows had fully started again, I stopped and disabled the two mbam services in the Control Panel. Since the associated processes were nevertheless still active in Task Manager, I killed those as well. That then worked.

I cannot run ComboFix, at least not when I have started Windows normally. I run it as administrator, the program starts, and after the point where the registry is backed up I get a bluescreen after about 20 sec. to 2 min. and the computer restarts. That happens every time. I have not yet tried starting ComboFix in safe mode.

Is there any information I can still provide you on this (e.g. event viewer logs or the like)?

Do you think it makes sense to try anything further at all and invest hour after hour of your time and mine, or should I reinstall the computer?

If it has to be reinstalled, I have one more question:
Since I want a really clean system afterwards, I will not back up any files (I will have to accept the losses) and will not perform a recovery either.

Which program can I use to wipe the HDDs so that there is guaranteed to be nothing left on them (please don't say "with a truck")? Not even anything that could still be there after a "normal" format.

Sorry, but I'm giving up....
Having to stare at "Starting Windows" for 4 minutes at every Windows start, and only after 7 minutes being able to open something on the computer, which then ends in a bluescreen, is tiring.

Regards
schuka

Old 14.12.2012, 12:16   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Restart Windows, delete the old combofix.exe, download CF again and please try it once more. If necessary, run combofix in safe mode with networking.

Old 14.12.2012, 15:29   #14
schuka
 



Hello Cosinus,

I can only do that tomorrow or the day after, since here I only work with a UMTS stick and only have WLAN at home (I'm a weekend commuter). And the UMTS stick is not supported in safe mode (not even with networking).

Have a nice weekend!

Regards
schuka

Old 15.12.2012, 16:27   #15
schuka
 



Hello Cosinus,

here is the ComboFix log. It worked in safe mode.

Code:
ComboFix 12-12-14.01 - Steff 15.12.2012  15:07:09.1.2 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4096.2823 [GMT 1:00]
ausgeführt von:: c:\users\Steff\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\~.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-15 bis 2012-12-15  ))))))))))))))))))))))))))))))
.
.
2012-12-15 14:11 . 2012-12-15 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-09 19:05 . 2012-12-09 19:05	--------	d-----w-	c:\program files (x86)\ESET
2012-12-08 17:14 . 2012-12-08 17:14	--------	d-----w-	c:\users\Steff\AppData\Local\AMD
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\users\Steff\AppData\Roaming\ATI
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\users\Steff\AppData\Local\ATI
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\programdata\ATI
2012-12-08 17:04 . 2012-12-08 17:04	0	----a-w-	c:\windows\ativpsrm.bin
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\AMD APP
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-12-08 16:52 . 2012-12-08 16:59	--------	d-----w-	c:\programdata\AMD
2012-12-08 16:52 . 2010-02-18 08:18	46136	----a-w-	c:\windows\system32\drivers\amdiox64.sys
2012-12-08 16:48 . 2012-02-23 12:32	95760	----a-w-	c:\windows\system32\drivers\AtihdW76.sys
2012-12-08 16:45 . 2012-04-06 02:00	64000	----a-w-	c:\windows\system32\coinst.dll
2012-12-08 16:45 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-12-08 16:43 . 2012-12-08 16:43	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-12-08 16:42 . 2012-12-08 16:42	--------	d-----w-	c:\program files\ATI
2012-12-08 16:38 . 2012-12-08 16:56	--------	d-----w-	c:\program files\ATI Technologies
2012-12-07 16:07 . 2012-12-07 16:17	--------	d-----w-	C:\ubcd-extracted
2012-12-06 20:09 . 2012-12-06 20:09	--------	d-----w-	c:\users\Steff\AppData\Local\Apps
2012-12-06 18:16 . 2012-12-06 18:16	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-06 18:15 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-06 18:15 . 2012-12-06 18:16	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-12-05 21:48 . 2012-12-05 22:53	--------	d-----w-	c:\program files (x86)\1&1 Surf-Stick
2012-12-05 21:45 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\CONTROL.exe
2012-12-05 21:24 . 2009-10-29 18:28	11776	----a-w-	c:\windows\system32\drivers\massfilter.sys
2012-12-05 21:01 . 2012-12-05 21:01	--------	d-----w-	c:\users\Steff\AppData\Local\ElevatedDiagnostics
2012-12-05 20:48 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTSGPRS.exe
2012-12-05 20:47 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe
2012-12-05 20:47 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\GPRS.exe
2012-12-05 20:47 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\CONFIG.exe
2012-12-05 20:46 . 2012-09-08 14:47	276992	----a-w-	c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\MWconn.exe
2012-12-05 20:43 . 2012-12-05 21:24	--------	d-----w-	C:\MWconn
2012-12-05 09:29 . 2012-12-05 09:29	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-05 09:29 . 2012-12-05 09:29	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-04 23:05 . 2012-12-06 18:24	--------	d-----w-	c:\users\Steff\AppData\Roaming\dvdcss
2012-12-04 21:23 . 2012-12-04 21:23	--------	d-----w-	c:\program files\CCleaner
2012-12-04 19:54 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8129240-89A8-43F5-A40F-C3B6B44CEDFD}\mpengine.dll
2012-12-04 19:01 . 2012-12-04 19:01	--------	d-----w-	c:\users\Steff\AppData\Local\Microsoft_Corporation
2012-12-04 18:20 . 2012-12-04 18:20	4891377	----a-w-	c:\windows\SysWow64\~.tmp
2012-12-03 00:13 . 2012-12-03 00:13	289768	----a-w-	c:\windows\system32\javaws.exe
2012-12-03 00:13 . 2012-12-03 00:13	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-03 00:13 . 2012-12-03 00:13	189416	----a-w-	c:\windows\system32\javaw.exe
2012-12-03 00:13 . 2012-12-03 00:13	188904	----a-w-	c:\windows\system32\java.exe
2012-12-03 00:12 . 2012-12-03 00:12	--------	d-----w-	c:\program files\Java
2012-11-28 19:48 . 2012-11-28 19:47	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 13:58 . 2011-07-19 19:15	327680	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-03 00:13 . 2012-08-25 16:17	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-03 00:13 . 2012-08-25 16:17	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-28 19:47 . 2010-06-08 16:47	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-14 17:57 . 2009-12-13 15:37	66395536	------w-	c:\windows\system32\MRT.exe
2012-10-18 18:25 . 2012-11-14 17:54	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-11-28 17:31	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:31	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:31	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 17:53	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 17:53	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-08 12:19 . 2012-11-14 18:02	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-10-08 11:42 . 2012-11-14 18:02	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-10-08 11:31 . 2012-11-14 18:02	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-10-08 11:24 . 2012-11-14 18:02	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-10-08 11:23 . 2012-11-14 18:02	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-10-08 11:22 . 2012-11-14 18:02	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-10-08 11:22 . 2012-11-14 18:02	237056	----a-w-	c:\windows\system32\url.dll
2012-10-08 11:20 . 2012-11-14 18:02	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-10-08 11:18 . 2012-11-14 18:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-10-08 11:17 . 2012-11-14 18:02	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-10-08 11:17 . 2012-11-14 18:02	816640	----a-w-	c:\windows\system32\jscript.dll
2012-10-08 11:15 . 2012-11-14 18:02	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-10-08 11:15 . 2012-11-14 18:02	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-10-08 11:13 . 2012-11-14 18:02	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-10-08 11:13 . 2012-11-14 18:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-08 11:09 . 2012-11-14 18:02	248320	----a-w-	c:\windows\system32\ieui.dll
2012-10-08 07:56 . 2012-11-14 18:02	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-10-08 07:48 . 2012-11-14 18:02	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-10-08 07:47 . 2012-11-14 18:02	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44 . 2012-11-14 18:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43 . 2012-11-14 18:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-10-08 07:40 . 2012-11-14 18:02	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-10-05 00:33 . 2011-09-02 13:02	233120	----a-w-	c:\windows\system32\drivers\wpshelper.sys
2012-10-03 17:56 . 2012-11-14 17:54	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 17:53	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 17:53	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 17:53	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 17:53	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 17:53	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 17:53	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 17:53	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 17:53	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 17:53	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 17:53	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 17:53	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 17:53	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-03 14120]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2010-10-03 22040]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 massfilter_hs;massfilter_hs;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 X6va002;X6va002;c:\users\Steff\AppData\Local\Temp\002474E.tmp [x]
R3 X6va003;X6va003;c:\users\Steff\AppData\Local\Temp\0033B21.tmp [x]
R3 X6va005;X6va005;c:\users\Steff\AppData\Local\Temp\005BB53.tmp [x]
R3 X6va006;X6va006;c:\users\Steff\AppData\Local\Temp\006E8C8.tmp [x]
R3 X6va007;X6va007;c:\users\Steff\AppData\Local\Temp\00714C9.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-02 235520]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 MWconn_Internet_0;MWconn_Internet;c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe [2012-09-08 276992]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-03-28 37456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-03 1293824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: An OneNote s&enden - f:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - f:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de
FF - ExtSQL: 2012-10-24 19:47; uriloader@pdf.js; c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\PnkBstrA]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va002]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\002474E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va003]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\0033B21.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va005]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\005BB53.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va006]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\006E8C8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va007]
"ImagePath"="\??\c:\users\Steff\AppData\Local\Temp\00714C9.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\0D756077321A70C3E844C138CE981581]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="8.0.50727"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2562336682C91B850AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.66332652_9C28_58B1_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.63E949F6_03BC_5C40_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9876.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9870.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\94FB7165591953C49BDA8F1D56ED52BB\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AB4993037846EA74FAD1A76F80E8BEBD\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\7E577B2224C65CF4E801A9E52375DB49]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="14.0.1468"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-15  15:13:28
ComboFix-quarantined-files.txt  2012-12-15 14:13
.
Vor Suchlauf: 9.730.334.720 Bytes frei
Nach Suchlauf: 9.696.641.024 Bytes frei
.
- - End Of File - - A1D95C9C2E8E6120FF84ADDA538034D8
         
Regards
schuka
