
Pests of all kinds and how to combat them: PC / Internet slow


21.12.2012, 09:51   #1
dasthat
 

Hello everyone,

My PC is getting increasingly slower, and somehow I have the feeling that all sorts of things are going over the network on my machine, since my internet connection fluctuates extremely in a way. In addition, google.de says that something is going wrong on my end; pages are not being opened (I don't know the exact text).


Code:
OTL logfile created on: 21.12.2012 09:41:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dustin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 71,85% Memory free
15,92 Gb Paging File | 13,54 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,29 Gb Total Space | 697,56 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 3,60 Gb Free Space | 95,42% Space Free | Partition Type: FAT32
 
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.21 09:40:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Downloads\OTL.exe
PRC - [2012.12.21 09:25:45 | 000,041,912 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\patch_d.exe
PRC - [2012.12.21 09:25:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.12.06 23:27:46 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.10.27 10:27:29 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.08.31 21:48:38 | 000,111,664 | ---- | M] (TMRG,  Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
PRC - [2012.08.31 21:48:34 | 003,345,456 | ---- | M] (TMRG,  Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.02 16:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.04.01 16:08:50 | 010,918,400 | ---- | M] (TP-LINK Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
PRC - [2011.03.14 14:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.06 23:27:46 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.17 11:52:24 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll
MOD - [2012.11.17 11:51:30 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll
MOD - [2012.11.17 11:51:24 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.15 23:20:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.15 23:20:31 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.15 23:20:26 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.15 23:20:24 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 23:18:01 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012.11.15 23:17:59 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.15 23:17:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.15 23:17:56 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012.11.15 23:17:55 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.15 23:17:51 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012.08.24 08:58:11 | 000,115,137 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012.07.02 16:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.14 14:20:20 | 001,033,568 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\COMMON\RaWLAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.11 08:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV - [2012.12.21 09:25:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.12.11 21:49:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 23:27:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.10.28 11:35:48 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.08.31 21:48:38 | 000,111,664 | ---- | M] (TMRG,  Inc.) [Auto | Running] -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.03.14 14:25:48 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.14 14:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.03.14 14:20:16 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe -- (TpMediaServer)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.21 09:40:36 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.21 09:40:36 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.12.21 09:40:36 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.12.21 09:40:35 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.21 11:12:08 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.03.23 12:54:38 | 000,027,288 | ---- | M] (Ekahau Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ekaprot6.sys -- (EkaProt6)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.14 14:25:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.12.11 09:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.11 07:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://rautemusik-club.radio.de/"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.ftp: "193.17.184.49"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "193.17.184.49"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "193.17.184.49"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "193.17.184.49"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2012.12.11 10:54:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 23:27:44 | 000,000,000 | ---D | M]
 
[2012.08.22 17:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions
[2012.11.24 09:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\4a9djrri.default\extensions
[2012.11.24 09:41:58 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\4a9djrri.default\extensions\stealthyextension@gmail.com.xpi
[2012.11.23 14:28:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\4a9djrri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.06 23:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 23:27:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 23:27:46 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 12:31:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: Skype Click to Call = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B99958A8-88BB-4642-8142-C82918C29600}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{48542547-d7c6-11e1-a5a9-00078721bca3}\Shell - "" = AutoRun
O33 - MountPoints2\{48542547-d7c6-11e1-a5a9-00078721bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.21 09:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.12.21 09:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.12.21 09:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2012.12.21 09:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.12.21 09:19:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012.12.21 09:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.12.21 09:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.12.21 09:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.12.21 09:18:21 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.12.21 09:18:21 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012.12.19 13:26:11 | 000,000,000 | R--D | C] -- C:\Users\Dustin\Desktop\Videos
[2012.12.19 13:14:29 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Musik
[2012.12.10 19:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge
[2012.12.10 19:39:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Audio Recorder for Free
[2012.12.10 19:39:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Audio Recorder for Free
[2012.12.10 19:38:36 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012.12.10 19:38:36 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012.12.10 19:38:36 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012.12.10 19:38:36 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2012.12.10 19:38:36 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012.12.10 19:38:36 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2012.12.10 19:38:36 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012.12.10 19:38:36 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012.12.10 19:38:36 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2012.12.10 19:38:36 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2012.12.10 19:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder for Free
[2012.12.10 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder for Free
[2012.12.10 19:38:03 | 008,093,512 | ---- | C] (Copyright© 2006-2012 AudioToolMedia Software.               ) -- C:\Users\Dustin\Desktop\AudioRecorderforFree_12.9.8.exe
[2012.12.09 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Ekahau Site Survey
[2012.12.09 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ekahau
[2012.12.09 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ekahau
[2012.12.06 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.29 20:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.11.29 20:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.11.21 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Apps
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.21 09:42:51 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.21 09:40:36 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2012.12.21 09:40:36 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012.12.21 09:40:36 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012.12.21 09:40:35 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.12.21 09:35:03 | 000,000,000 | ---- | M] () -- C:\Users\Dustin\defogger_reenable
[2012.12.21 09:31:20 | 000,002,981 | ---- | M] () -- C:\Users\Dustin\Desktop\HiJackThis.lnk
[2012.12.21 09:29:13 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 09:29:13 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 09:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 09:21:09 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 09:19:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.12.21 08:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 20:54:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 20:54:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 20:54:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 20:54:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 20:54:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.18 13:46:29 | 000,276,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 19:38:37 | 000,001,076 | ---- | M] () -- C:\Users\Dustin\Desktop\Audio Recorder for Free.lnk
[2012.12.10 19:38:16 | 008,093,512 | ---- | M] (Copyright© 2006-2012 AudioToolMedia Software.               ) -- C:\Users\Dustin\Desktop\AudioRecorderforFree_12.9.8.exe
[2012.12.09 13:40:07 | 000,117,497 | ---- | M] () -- C:\Users\Dustin\Documents\grid.png
[2012.12.06 09:46:04 | 000,001,000 | ---- | M] () -- C:\Users\Dustin\Desktop\21112012_Kokosmakronencreme mit Himbeersauce.lnk
[2012.12.06 09:46:00 | 000,000,930 | ---- | M] () -- C:\Users\Dustin\Desktop\21112012_Möhren-Orangen-Kuchen.lnk
[2012.12.03 09:31:11 | 000,172,346 | ---- | M] () -- C:\Users\Dustin\Desktop\1 PDF-Brief_ZZ und KB on top_neutralv2.pdf
[2012.11.29 20:38:08 | 000,006,928 | ---- | M] () -- C:\Users\Dustin\Desktop\73016(1).pdf
[2012.11.29 20:38:03 | 000,054,261 | ---- | M] () -- C:\Users\Dustin\Desktop\73016.pdf
[2012.11.29 20:33:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.11.22 02:07:16 | 001,284,847 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 01.07.17.jpg
[2012.11.22 01:48:00 | 001,378,544 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 00.48.00.jpg
[2012.11.22 01:47:38 | 001,275,324 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 00.47.38.jpg
 
========== Files Created - No Company Name ==========
 
[2012.12.21 09:35:03 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\defogger_reenable
[2012.12.21 09:31:20 | 000,002,981 | ---- | C] () -- C:\Users\Dustin\Desktop\HiJackThis.lnk
[2012.12.21 09:19:47 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.12.10 19:38:37 | 000,001,076 | ---- | C] () -- C:\Users\Dustin\Desktop\Audio Recorder for Free.lnk
[2012.12.10 19:38:36 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.12.09 13:40:06 | 000,117,497 | ---- | C] () -- C:\Users\Dustin\Documents\grid.png
[2012.12.03 09:31:11 | 000,172,346 | ---- | C] () -- C:\Users\Dustin\Desktop\1 PDF-Brief_ZZ und KB on top_neutralv2.pdf
[2012.12.03 09:28:44 | 000,001,000 | ---- | C] () -- C:\Users\Dustin\Desktop\21112012_Kokosmakronencreme mit Himbeersauce.lnk
[2012.12.03 09:28:41 | 000,000,930 | ---- | C] () -- C:\Users\Dustin\Desktop\21112012_Möhren-Orangen-Kuchen.lnk
[2012.11.29 20:38:07 | 000,006,928 | ---- | C] () -- C:\Users\Dustin\Desktop\73016(1).pdf
[2012.11.29 20:38:02 | 000,054,261 | ---- | C] () -- C:\Users\Dustin\Desktop\73016.pdf
[2012.11.29 20:33:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.11.22 01:11:38 | 001,378,544 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 00.48.00.jpg
[2012.11.22 01:11:38 | 001,284,847 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 01.07.17.jpg
[2012.11.22 01:11:38 | 001,275,324 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 00.47.38.jpg
[2012.09.05 15:19:21 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.09.05 15:18:59 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.09.05 15:18:59 | 000,000,452 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.08.30 12:18:43 | 000,000,450 | ---- | C] () -- C:\Program Files (x86)\release
[2012.08.30 12:18:18 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT
[2012.08.30 12:18:18 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html
[2012.08.30 12:18:18 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE
[2012.07.03 08:42:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.03 08:40:07 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.10 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Audio Recorder for Free
[2012.10.26 14:42:00 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\AVG2013
[2012.11.21 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ
[2012.07.22 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ Search
[2012.07.03 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\LolClient
[2012.07.27 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Samsung
[2012.12.20 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Spotify
[2012.08.29 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TS3Client
[2012.10.26 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TuneUp Software
[2012.07.28 19:28:53 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >
         
Hello, I think it is this one:

RelevantKnowledge:


I uninstalled it, but I cannot uninstall the files from Program Files/RelevantKnowledge

^or rather, cannot delete them (uninstall xD)

21.12.2012, 11:53   #2
markusg
/// Malware-holic

Hi
What does "something" mean? Nobody can work with such "statements"; check it and post exactly what happens.
Please refrain from using HijackThis; it is no longer being developed and can cause problems on newer systems. I hope you have not already made changes yourself with the program?
Please do not delete things at random; only do what is written here.
This script and any scripts that follow are only for the respective user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
__________________
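
An added illustration, not part of the thread and not code from OTL or its author: the scan log in post #1 marks several autostart-related `O` entries whose target is missing, and the `:OTL` section of the fix in post #2 lists some of them. This Python sketch parses those lines (copied from the posts above), extracts the `AppInit_DLLs` targets per registry view, and reports which orphaned entries the fix lists; the function names and the "default"/"64bit" view labels are this example's own.

```python
import re

# Copied from the OTL scan log in post #1 of this thread (not constructed).
SCAN_LOG = r"""
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O1364bit: - gopher Prefix: missing
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
"""

# Copied from the fix script in post #2.
FIX_SCRIPT = r"""
:OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) -  File not found
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]
"""

# "O<n>", an optional 64-bit marker, then " - ". The marker normally reads
# ":64bit:", but the log also contains the fused form "O1364bit:", so the
# colon is optional and the digit match is lazy.
ENTRY = re.compile(r"^O(\d+?)(:?64bit:)? - (.*)$")
# Suffixes OTL prints in this log when the referenced target does not exist.
MISSING = ("File not found", "No CLSID value found")


def parse_line(line):
    """Return a dict for one OTL 'O' line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group(3)
    return {
        "section": int(m.group(1)),
        "view": "64bit" if m.group(2) else "default",
        "body": body,
        "missing": body.rstrip().endswith(MISSING),
        "raw": line.strip(),
    }


def orphaned(log):
    """All 'O' entries whose target OTL reported as missing."""
    entries = (parse_line(l) for l in log.splitlines())
    return [e for e in entries if e and e["missing"]]


def appinit_dlls(entries):
    """DLL paths named by O20 AppInit_DLLs entries, grouped by registry view.

    AppInit_DLLs matters for triage because Windows loads the listed DLLs
    into every process that loads user32.dll.
    """
    out = {}
    for e in entries:
        m = re.match(r"AppInit_DLLs: \((.+?)\)", e["body"])
        if e["section"] == 20 and m:
            out.setdefault(e["view"], []).append(m.group(1))
    return out


def fix_coverage(fix_script, entries):
    """Split entries into those listed in the fix's :OTL section and the rest."""
    listed, in_otl = set(), False
    for line in fix_script.splitlines():
        s = line.strip()
        if s.startswith(":"):
            in_otl = s.upper() == ":OTL"
        elif in_otl and s:
            listed.add(s)
    covered = [e for e in entries if e["raw"] in listed]
    remaining = [e for e in entries if e["raw"] not in listed]
    return covered, remaining


if __name__ == "__main__":
    orphans = orphaned(SCAN_LOG)
    for view, dlls in appinit_dlls(orphans).items():
        print(f"AppInit_DLLs ({view}): {dlls}")
    covered, remaining = fix_coverage(FIX_SCRIPT, orphans)
    print(f"{len(covered)} orphaned entries listed in the fix")
    for e in remaining:
        print("not listed in this fix:", e["raw"])
```
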

21.12.2012, 12:05   #3
dasthat

So, that worked well; a Windows update also installed itself along the way.


Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Dustin
->Flash cache emptied: 36476 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dustin
->Temp folder emptied: 80294132 bytes
->Temporary Internet Files folder emptied: 234831302 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 415267133 bytes
->Google Chrome cache emptied: 6782476 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52611226 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 45031126 bytes
 
Total Files Cleaned = 796,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_125915

Files\Folders moved on Reboot...
C:\Users\Dustin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MRKVHFSX\128408-pc-internet-langsam[1].htm moved successfully.
C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

21.12.2012, 12:32   #4
markusg
/// Malware-holic

Hi
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip at first, then post the log

21.12.2012, 12:59   #5
dasthat

Why does one make a log for that?

Suspicious IDriverT (UnsignedFile.Multi.Generic)
Skipped by user IDriverT (UnsignedFile.Multi.Generic)


Those were the two that were shown.

Those who can read are clearly at an advantage xD


Code:
13:54:22.0286 3484  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:54:22.0287 3484  UEFI system
13:54:22.0480 3484  ============================================================
13:54:22.0480 3484  Current date / time: 2012/12/21 13:54:22.0480
13:54:22.0480 3484  SystemInfo:
13:54:22.0480 3484  
13:54:22.0480 3484  OS Version: 6.1.7601 ServicePack: 1.0
13:54:22.0480 3484  Product type: Workstation
13:54:22.0481 3484  ComputerName: DUSTIN-PC
13:54:22.0481 3484  UserName: Dustin
13:54:22.0481 3484  Windows directory: C:\Windows
13:54:22.0481 3484  System windows directory: C:\Windows
13:54:22.0481 3484  Running under WOW64
13:54:22.0481 3484  Processor architecture: Intel x64
13:54:22.0481 3484  Number of processors: 4
13:54:22.0481 3484  Page size: 0x1000
13:54:22.0481 3484  Boot type: Normal boot
13:54:22.0481 3484  ============================================================
13:54:23.0383 3484  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:23.0386 3484  Drive \Device\Harddisk1\DR1 - Size: 0xF1C00000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:23.0388 3484  ============================================================
13:54:23.0388 3484  \Device\Harddisk0\DR0:
13:54:23.0388 3484  GPT partitions:
13:54:23.0388 3484  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6A4DBCE5-F91A-4725-BE1E-D55C41656AE7}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:54:23.0388 3484  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4B04E50A-4140-41DD-852E-2D16CE32A6D1}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
13:54:23.0388 3484  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DDBF5510-21A0-4BB1-95A7-9562B682FBC6}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
13:54:23.0388 3484  MBR partitions:
13:54:23.0388 3484  \Device\Harddisk1\DR1:
13:54:23.0389 3484  MBR partitions:
13:54:23.0389 3484  ============================================================
13:54:23.0412 3484  C: <-> \Device\Harddisk0\DR0\Partition3
13:54:23.0413 3484  ============================================================
13:54:23.0413 3484  Initialize success
13:54:23.0413 3484  ============================================================
13:54:52.0432 4760  ============================================================
13:54:52.0432 4760  Scan started
13:54:52.0432 4760  Mode: Manual; SigCheck; TDLFS; 
13:54:52.0432 4760  ============================================================
13:54:52.0906 4760  ================ Scan system memory ========================
13:54:52.0906 4760  System memory - ok
13:54:52.0906 4760  ================ Scan services =============================
13:54:53.0024 4760  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:54:53.0098 4760  1394ohci - ok
13:54:53.0118 4760  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:54:53.0129 4760  ACPI - ok
13:54:53.0141 4760  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:54:53.0210 4760  AcpiPmi - ok
13:54:53.0269 4760  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:54:53.0277 4760  AdobeARMservice - ok
13:54:53.0346 4760  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:53.0355 4760  AdobeFlashPlayerUpdateSvc - ok
13:54:53.0384 4760  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:54:53.0405 4760  adp94xx - ok
13:54:53.0417 4760  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:54:53.0436 4760  adpahci - ok
13:54:53.0444 4760  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:54:53.0459 4760  adpu320 - ok
13:54:53.0482 4760  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:54:53.0576 4760  AeLookupSvc - ok
13:54:53.0605 4760  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:54:53.0635 4760  AFD - ok
13:54:53.0661 4760  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:54:53.0674 4760  agp440 - ok
13:54:53.0677 4760  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:54:53.0707 4760  ALG - ok
13:54:53.0724 4760  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:54:53.0736 4760  aliide - ok
13:54:53.0766 4760  [ E886A4DB908F4184BA24431A41AD76B7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:54:53.0800 4760  AMD External Events Utility - ok
13:54:53.0818 4760  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:54:53.0830 4760  amdide - ok
13:54:53.0844 4760  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:54:53.0874 4760  AmdK8 - ok
13:54:54.0070 4760  [ A497FF5AE4D0C93DA2CFB98E6A355C1F ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
13:54:54.0221 4760  amdkmdag - ok
13:54:54.0278 4760  [ 91B89BE832D436AF257B91666BC32C30 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:54:54.0307 4760  amdkmdap - ok
13:54:54.0327 4760  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:54:54.0359 4760  AmdPPM - ok
13:54:54.0406 4760  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:54:54.0416 4760  amdsata - ok
13:54:54.0427 4760  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:54:54.0443 4760  amdsbs - ok
13:54:54.0458 4760  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:54:54.0466 4760  amdxata - ok
13:54:54.0492 4760  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
13:54:54.0523 4760  androidusb - ok
13:54:54.0561 4760  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:54:54.0675 4760  AppID - ok
13:54:54.0698 4760  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:54:54.0741 4760  AppIDSvc - ok
13:54:54.0778 4760  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:54:54.0815 4760  Appinfo - ok
13:54:54.0829 4760  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:54:54.0842 4760  arc - ok
13:54:54.0854 4760  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:54:54.0868 4760  arcsas - ok
13:54:54.0884 4760  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:54.0929 4760  AsyncMac - ok
13:54:54.0946 4760  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:54:54.0954 4760  atapi - ok
13:54:54.0995 4760  [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
13:54:55.0003 4760  AtiHdmiService - ok
13:54:55.0028 4760  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:54:55.0054 4760  AudioEndpointBuilder - ok
13:54:55.0062 4760  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:54:55.0088 4760  AudioSrv - ok
13:54:55.0129 4760  [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:54:55.0135 4760  Avgfwfd - ok
13:54:55.0184 4760  [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
13:54:55.0203 4760  avgfws - ok
13:54:55.0303 4760  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
13:54:55.0364 4760  AVGIDSAgent - ok
13:54:55.0387 4760  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:54:55.0395 4760  AVGIDSDriver - ok
13:54:55.0415 4760  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
13:54:55.0423 4760  AVGIDSHA - ok
13:54:55.0441 4760  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
13:54:55.0450 4760  Avgldx64 - ok
13:54:55.0462 4760  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
13:54:55.0471 4760  Avgloga - ok
13:54:55.0484 4760  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
13:54:55.0491 4760  Avgmfx64 - ok
13:54:55.0497 4760  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
13:54:55.0504 4760  Avgrkx64 - ok
13:54:55.0518 4760  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
13:54:55.0527 4760  Avgtdia - ok
13:54:55.0536 4760  [ E964EA70249DDE1343C8F694B52575EE ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
13:54:55.0543 4760  avgtp - ok
13:54:55.0559 4760  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
13:54:55.0568 4760  avgwd - ok
13:54:55.0723 4760  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
13:54:55.0733 4760  AVP - ok
13:54:55.0759 4760  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:54:55.0820 4760  AxInstSV - ok
13:54:55.0854 4760  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:54:55.0894 4760  b06bdrv - ok
13:54:55.0926 4760  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:54:55.0958 4760  b57nd60a - ok
13:54:56.0007 4760  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:54:56.0016 4760  BDESVC - ok
13:54:56.0039 4760  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:54:56.0080 4760  Beep - ok
13:54:56.0130 4760  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:54:56.0159 4760  BFE - ok
13:54:56.0177 4760  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:54:56.0219 4760  BITS - ok
13:54:56.0245 4760  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:54:56.0268 4760  blbdrive - ok
13:54:56.0294 4760  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:54:56.0303 4760  bowser - ok
13:54:56.0313 4760  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:54:56.0376 4760  BrFiltLo - ok
13:54:56.0386 4760  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:54:56.0423 4760  BrFiltUp - ok
13:54:56.0458 4760  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:54:56.0486 4760  Browser - ok
13:54:56.0508 4760  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:54:56.0550 4760  Brserid - ok
13:54:56.0575 4760  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:54:56.0607 4760  BrSerWdm - ok
13:54:56.0626 4760  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:54:56.0660 4760  BrUsbMdm - ok
13:54:56.0701 4760  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:54:56.0714 4760  BrUsbSer - ok
13:54:56.0721 4760  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:54:56.0755 4760  BTHMODEM - ok
13:54:56.0793 4760  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:54:56.0832 4760  bthserv - ok
13:54:56.0861 4760  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:54:56.0890 4760  cdfs - ok
13:54:56.0916 4760  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:54:56.0945 4760  cdrom - ok
13:54:56.0974 4760  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:54:56.0998 4760  CertPropSvc - ok
13:54:57.0007 4760  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:54:57.0041 4760  circlass - ok
13:54:57.0069 4760  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:54:57.0079 4760  CLFS - ok
13:54:57.0131 4760  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:57.0159 4760  clr_optimization_v2.0.50727_32 - ok
13:54:57.0205 4760  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:54:57.0223 4760  clr_optimization_v2.0.50727_64 - ok
13:54:57.0266 4760  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:57.0276 4760  clr_optimization_v4.0.30319_32 - ok
13:54:57.0287 4760  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:54:57.0296 4760  clr_optimization_v4.0.30319_64 - ok
13:54:57.0309 4760  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:54:57.0324 4760  CmBatt - ok
13:54:57.0334 4760  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:54:57.0347 4760  cmdide - ok
13:54:57.0370 4760  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:54:57.0386 4760  CNG - ok
13:54:57.0399 4760  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:54:57.0410 4760  Compbatt - ok
13:54:57.0428 4760  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:54:57.0456 4760  CompositeBus - ok
13:54:57.0458 4760  COMSysApp - ok
13:54:57.0480 4760  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:54:57.0492 4760  crcdisk - ok
13:54:57.0524 4760  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:54:57.0558 4760  CryptSvc - ok
13:54:57.0604 4760  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:54:57.0662 4760  DcomLaunch - ok
13:54:57.0692 4760  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:54:57.0739 4760  defragsvc - ok
13:54:57.0770 4760  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:54:57.0813 4760  DfsC - ok
13:54:57.0848 4760  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:54:57.0859 4760  Dhcp - ok
13:54:57.0868 4760  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:54:57.0892 4760  discache - ok
13:54:57.0902 4760  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:54:57.0910 4760  Disk - ok
13:54:57.0935 4760  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:54:57.0960 4760  Dnscache - ok
13:54:57.0989 4760  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:54:58.0013 4760  dot3svc - ok
13:54:58.0064 4760  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:54:58.0109 4760  DPS - ok
13:54:58.0135 4760  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:54:58.0171 4760  drmkaud - ok
13:54:58.0204 4760  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:54:58.0219 4760  DXGKrnl - ok
13:54:58.0252 4760  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:54:58.0276 4760  EapHost - ok
13:54:58.0328 4760  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:54:58.0401 4760  ebdrv - ok
13:54:58.0421 4760  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:54:58.0445 4760  EFS - ok
13:54:58.0478 4760  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:54:58.0491 4760  ehRecvr - ok
13:54:58.0515 4760  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:54:58.0527 4760  ehSched - ok
13:54:58.0550 4760  [ 44CE3346DBB530FB4A529854CC68DBFC ] EkaProt6        C:\Windows\system32\DRIVERS\ekaprot6.sys
13:54:58.0561 4760  EkaProt6 - ok
13:54:58.0584 4760  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:54:58.0605 4760  elxstor - ok
13:54:58.0623 4760  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:54:58.0654 4760  ErrDev - ok
13:54:58.0696 4760  [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
13:54:58.0718 4760  EtronHub3 - ok
13:54:58.0742 4760  [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
13:54:58.0765 4760  EtronXHCI - ok
13:54:58.0796 4760  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:54:58.0821 4760  EventSystem - ok
13:54:58.0833 4760  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:54:58.0864 4760  exfat - ok
13:54:58.0881 4760  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:54:58.0925 4760  fastfat - ok
13:54:58.0970 4760  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:54:59.0005 4760  Fax - ok
13:54:59.0029 4760  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:54:59.0042 4760  fdc - ok
13:54:59.0059 4760  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:54:59.0100 4760  fdPHost - ok
13:54:59.0122 4760  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:54:59.0170 4760  FDResPub - ok
13:54:59.0172 4760  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:54:59.0180 4760  FileInfo - ok
13:54:59.0219 4760  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:54:59.0276 4760  Filetrace - ok
13:54:59.0287 4760  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:54:59.0301 4760  flpydisk - ok
13:54:59.0305 4760  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:54:59.0314 4760  FltMgr - ok
13:54:59.0355 4760  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:54:59.0388 4760  FontCache - ok
13:54:59.0423 4760  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:54:59.0436 4760  FontCache3.0.0.0 - ok
13:54:59.0447 4760  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:54:59.0455 4760  FsDepends - ok
13:54:59.0469 4760  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:54:59.0476 4760  Fs_Rec - ok
13:54:59.0494 4760  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:54:59.0505 4760  fvevol - ok
13:54:59.0523 4760  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:54:59.0536 4760  gagp30kx - ok
13:54:59.0561 4760  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:54:59.0606 4760  gpsvc - ok
13:54:59.0630 4760  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:54:59.0657 4760  hcw85cir - ok
13:54:59.0699 4760  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:54:59.0711 4760  HdAudAddService - ok
13:54:59.0729 4760  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:54:59.0739 4760  HDAudBus - ok
13:54:59.0752 4760  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:54:59.0765 4760  HidBatt - ok
13:54:59.0778 4760  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:54:59.0790 4760  HidBth - ok
13:54:59.0804 4760  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:54:59.0819 4760  HidIr - ok
13:54:59.0833 4760  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:54:59.0872 4760  hidserv - ok
13:54:59.0894 4760  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:54:59.0903 4760  HidUsb - ok
13:54:59.0950 4760  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:55:00.0004 4760  hkmsvc - ok
13:55:00.0037 4760  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:55:00.0069 4760  HomeGroupListener - ok
13:55:00.0090 4760  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:55:00.0117 4760  HomeGroupProvider - ok
13:55:00.0149 4760  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:55:00.0163 4760  HpSAMD - ok
13:55:00.0187 4760  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:55:00.0231 4760  HTTP - ok
13:55:00.0248 4760  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:55:00.0255 4760  hwpolicy - ok
13:55:00.0269 4760  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:00.0278 4760  i8042prt - ok
13:55:00.0294 4760  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:55:00.0313 4760  iaStorV - ok
13:55:00.0379 4760  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:55:00.0414 4760  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:55:00.0414 4760  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:55:00.0444 4760  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:00.0476 4760  idsvc - ok
13:55:00.0492 4760  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:55:00.0504 4760  iirsp - ok
13:55:00.0525 4760  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:55:00.0569 4760  IKEEXT - ok
13:55:00.0594 4760  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:55:00.0605 4760  intelide - ok
13:55:00.0620 4760  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:55:00.0630 4760  intelppm - ok
13:55:00.0646 4760  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:55:00.0669 4760  IPBusEnum - ok
13:55:00.0688 4760  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:00.0737 4760  IpFilterDriver - ok
13:55:00.0776 4760  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:55:00.0789 4760  iphlpsvc - ok
13:55:00.0804 4760  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:55:00.0815 4760  IPMIDRV - ok
13:55:00.0825 4760  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:55:00.0872 4760  IPNAT - ok
13:55:00.0894 4760  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:55:00.0925 4760  IRENUM - ok
13:55:00.0944 4760  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:55:00.0957 4760  isapnp - ok
13:55:00.0968 4760  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:55:00.0985 4760  iScsiPrt - ok
13:55:01.0020 4760  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:55:01.0030 4760  iusb3hub - ok
13:55:01.0047 4760  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:55:01.0061 4760  iusb3xhc - ok
13:55:01.0078 4760  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:01.0086 4760  kbdclass - ok
13:55:01.0126 4760  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:55:01.0165 4760  kbdhid - ok
13:55:01.0186 4760  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:55:01.0195 4760  KeyIso - ok
13:55:01.0251 4760  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
13:55:01.0263 4760  kl1 - ok
13:55:01.0334 4760  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:55:01.0346 4760  KLIF - ok
13:55:01.0406 4760  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
13:55:01.0413 4760  KLIM6 - ok
13:55:01.0450 4760  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
13:55:01.0457 4760  klkbdflt - ok
13:55:01.0472 4760  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
13:55:01.0479 4760  klmouflt - ok
13:55:01.0491 4760  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
13:55:01.0498 4760  kltdi - ok
13:55:01.0513 4760  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
13:55:01.0521 4760  kneps - ok
13:55:01.0554 4760  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:55:01.0561 4760  KSecDD - ok
13:55:01.0569 4760  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:55:01.0578 4760  KSecPkg - ok
13:55:01.0590 4760  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:55:01.0630 4760  ksthunk - ok
13:55:01.0659 4760  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:55:01.0694 4760  KtmRm - ok
13:55:01.0729 4760  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
13:55:01.0743 4760  L1C - ok
13:55:01.0763 4760  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:55:01.0804 4760  LanmanServer - ok
13:55:01.0828 4760  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:55:01.0873 4760  LanmanWorkstation - ok
13:55:01.0905 4760  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:55:01.0949 4760  lltdio - ok
13:55:01.0978 4760  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:55:02.0030 4760  lltdsvc - ok
13:55:02.0050 4760  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:55:02.0072 4760  lmhosts - ok
13:55:02.0090 4760  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:55:02.0104 4760  LSI_FC - ok
13:55:02.0107 4760  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:55:02.0121 4760  LSI_SAS - ok
13:55:02.0139 4760  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:55:02.0152 4760  LSI_SAS2 - ok
13:55:02.0159 4760  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:55:02.0173 4760  LSI_SCSI - ok
13:55:02.0194 4760  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:55:02.0216 4760  luafv - ok
13:55:02.0258 4760  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
13:55:02.0284 4760  McComponentHostService - ok
13:55:02.0307 4760  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:55:02.0323 4760  Mcx2Svc - ok
13:55:02.0336 4760  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:55:02.0343 4760  megasas - ok
13:55:02.0358 4760  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:55:02.0370 4760  MegaSR - ok
13:55:02.0402 4760  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:55:02.0409 4760  MEIx64 - ok
13:55:02.0428 4760  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:55:02.0473 4760  MMCSS - ok
13:55:02.0493 4760  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:55:02.0534 4760  Modem - ok
13:55:02.0561 4760  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:55:02.0588 4760  monitor - ok
13:55:02.0616 4760  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:55:02.0624 4760  mouclass - ok
13:55:02.0644 4760  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:55:02.0674 4760  mouhid - ok
13:55:02.0716 4760  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:55:02.0724 4760  mountmgr - ok
13:55:02.0761 4760  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:55:02.0783 4760  MozillaMaintenance - ok
13:55:02.0793 4760  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:55:02.0808 4760  mpio - ok
13:55:02.0824 4760  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:55:02.0847 4760  mpsdrv - ok
13:55:02.0874 4760  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:55:02.0923 4760  MpsSvc - ok
13:55:02.0954 4760  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:55:02.0988 4760  MRxDAV - ok
13:55:03.0019 4760  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:55:03.0046 4760  mrxsmb - ok
13:55:03.0066 4760  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:55:03.0093 4760  mrxsmb10 - ok
13:55:03.0123 4760  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:55:03.0153 4760  mrxsmb20 - ok
13:55:03.0177 4760  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:55:03.0195 4760  msahci - ok
13:55:03.0222 4760  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:55:03.0244 4760  msdsm - ok
13:55:03.0256 4760  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:55:03.0276 4760  MSDTC - ok
13:55:03.0293 4760  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:55:03.0321 4760  Msfs - ok
13:55:03.0339 4760  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:55:03.0378 4760  mshidkmdf - ok
13:55:03.0394 4760  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:55:03.0402 4760  msisadrv - ok
13:55:03.0419 4760  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:55:03.0449 4760  MSiSCSI - ok
13:55:03.0451 4760  msiserver - ok
13:55:03.0473 4760  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:55:03.0500 4760  MSKSSRV - ok
13:55:03.0512 4760  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:55:03.0555 4760  MSPCLOCK - ok
13:55:03.0574 4760  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:55:03.0617 4760  MSPQM - ok
13:55:03.0648 4760  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:55:03.0658 4760  MsRPC - ok
13:55:03.0668 4760  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:55:03.0675 4760  mssmbios - ok
13:55:03.0687 4760  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:55:03.0737 4760  MSTEE - ok
13:55:03.0756 4760  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:55:03.0768 4760  MTConfig - ok
13:55:03.0782 4760  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:55:03.0790 4760  Mup - ok
13:55:03.0809 4760  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:55:03.0853 4760  napagent - ok
13:55:03.0882 4760  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:55:03.0912 4760  NativeWifiP - ok
13:55:03.0949 4760  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:55:03.0965 4760  NDIS - ok
13:55:03.0997 4760  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:55:04.0020 4760  NdisCap - ok
13:55:04.0057 4760  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:55:04.0119 4760  NdisTapi - ok
13:55:04.0159 4760  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:55:04.0182 4760  Ndisuio - ok
13:55:04.0202 4760  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:55:04.0243 4760  NdisWan - ok
13:55:04.0274 4760  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:55:04.0315 4760  NDProxy - ok
13:55:04.0349 4760  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:55:04.0436 4760  NetBIOS - ok
13:55:04.0467 4760  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:55:04.0555 4760  NetBT - ok
13:55:04.0599 4760  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:55:04.0616 4760  Netlogon - ok
13:55:04.0638 4760  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:55:04.0691 4760  Netman - ok
13:55:04.0698 4760  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:55:04.0782 4760  netprofm - ok
13:55:04.0828 4760  [ 53D7442AA919C91D055DBD44635F32B1 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
13:55:04.0848 4760  netr28ux - ok
13:55:04.0869 4760  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:55:04.0878 4760  NetTcpPortSharing - ok
13:55:04.0902 4760  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:55:04.0914 4760  nfrd960 - ok
13:55:04.0931 4760  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:55:04.0965 4760  NlaSvc - ok
13:55:05.0012 4760  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
13:55:05.0019 4760  NPF - ok
13:55:05.0023 4760  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:55:05.0062 4760  Npfs - ok
13:55:05.0091 4760  npggsvc - ok
13:55:05.0113 4760  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:55:05.0174 4760  nsi - ok
13:55:05.0186 4760  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:55:05.0233 4760  nsiproxy - ok
13:55:05.0275 4760  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:55:05.0315 4760  Ntfs - ok
13:55:05.0322 4760  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:55:05.0358 4760  Null - ok
13:55:05.0405 4760  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:55:05.0420 4760  nvraid - ok
13:55:05.0428 4760  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:55:05.0439 4760  nvstor - ok
13:55:05.0446 4760  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:55:05.0461 4760  nv_agp - ok
13:55:05.0474 4760  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:55:05.0499 4760  ohci1394 - ok
13:55:05.0523 4760  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:55:05.0534 4760  p2pimsvc - ok
13:55:05.0548 4760  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:55:05.0559 4760  p2psvc - ok
13:55:05.0577 4760  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:55:05.0592 4760  Parport - ok
13:55:05.0609 4760  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:55:05.0617 4760  partmgr - ok
13:55:05.0629 4760  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:55:05.0663 4760  PcaSvc - ok
13:55:05.0687 4760  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:55:05.0696 4760  pci - ok
13:55:05.0699 4760  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:55:05.0706 4760  pciide - ok
13:55:05.0725 4760  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:55:05.0742 4760  pcmcia - ok
13:55:05.0755 4760  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:55:05.0763 4760  pcw - ok
13:55:05.0778 4760  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:55:05.0814 4760  PEAUTH - ok
13:55:05.0864 4760  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:55:05.0913 4760  PerfHost - ok
13:55:06.0032 4760  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:55:06.0091 4760  pla - ok
13:55:06.0133 4760  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:55:06.0144 4760  PlugPlay - ok
13:55:06.0156 4760  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:55:06.0184 4760  PNRPAutoReg - ok
13:55:06.0214 4760  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:55:06.0226 4760  PNRPsvc - ok
13:55:06.0250 4760  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
13:55:06.0262 4760  Point64 - ok
13:55:06.0278 4760  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:55:06.0325 4760  PolicyAgent - ok
13:55:06.0349 4760  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:55:06.0395 4760  Power - ok
13:55:06.0432 4760  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:55:06.0488 4760  PptpMiniport - ok
13:55:06.0505 4760  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:55:06.0535 4760  Processor - ok
13:55:06.0580 4760  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:55:06.0607 4760  ProfSvc - ok
13:55:06.0630 4760  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:55:06.0639 4760  ProtectedStorage - ok
13:55:06.0668 4760  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:55:06.0710 4760  Psched - ok
13:55:06.0763 4760  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:55:06.0822 4760  ql2300 - ok
13:55:06.0836 4760  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:55:06.0846 4760  ql40xx - ok
13:55:06.0862 4760  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:55:06.0874 4760  QWAVE - ok
13:55:06.0884 4760  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:55:06.0910 4760  QWAVEdrv - ok
13:55:06.0970 4760  [ 3FC8252625F2574036777D2981F839EE ] RalinkRegistryWriter C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
13:55:06.0978 4760  RalinkRegistryWriter - ok
13:55:07.0005 4760  [ 3A6F58A249DF7466F9844F70499627F7 ] RalinkRegistryWriter64 C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
13:55:07.0014 4760  RalinkRegistryWriter64 - ok
13:55:07.0021 4760  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:55:07.0048 4760  RasAcd - ok
13:55:07.0074 4760  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:55:07.0116 4760  RasAgileVpn - ok
13:55:07.0130 4760  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:55:07.0175 4760  RasAuto - ok
13:55:07.0197 4760  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:55:07.0237 4760  Rasl2tp - ok
13:55:07.0268 4760  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:55:07.0293 4760  RasMan - ok
13:55:07.0304 4760  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:55:07.0347 4760  RasPppoe - ok
13:55:07.0368 4760  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:55:07.0426 4760  RasSstp - ok
13:55:07.0458 4760  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:55:07.0483 4760  rdbss - ok
13:55:07.0493 4760  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:55:07.0507 4760  rdpbus - ok
13:55:07.0513 4760  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:55:07.0535 4760  RDPCDD - ok
13:55:07.0551 4760  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:55:07.0572 4760  RDPENCDD - ok
13:55:07.0581 4760  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:55:07.0603 4760  RDPREFMP - ok
13:55:07.0621 4760  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:55:07.0649 4760  RDPWD - ok
13:55:07.0672 4760  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:55:07.0681 4760  rdyboost - ok
13:55:07.0701 4760  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:55:07.0742 4760  RemoteAccess - ok
13:55:07.0763 4760  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:55:07.0807 4760  RemoteRegistry - ok
13:55:07.0842 4760  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
13:55:07.0851 4760  rpcapd - ok
13:55:07.0874 4760  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:55:07.0898 4760  RpcEptMapper - ok
13:55:07.0906 4760  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:55:07.0938 4760  RpcLocator - ok
13:55:07.0961 4760  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:55:07.0986 4760  RpcSs - ok
13:55:08.0026 4760  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:55:08.0049 4760  rspndr - ok
13:55:08.0079 4760  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:55:08.0088 4760  SamSs - ok
13:55:08.0104 4760  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:55:08.0114 4760  sbp2port - ok
13:55:08.0132 4760  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:55:08.0174 4760  SCardSvr - ok
13:55:08.0205 4760  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:55:08.0244 4760  scfilter - ok
13:55:08.0280 4760  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:55:08.0328 4760  Schedule - ok
13:55:08.0356 4760  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:55:08.0378 4760  SCPolicySvc - ok
13:55:08.0397 4760  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:55:08.0427 4760  SDRSVC - ok
13:55:08.0453 4760  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:55:08.0493 4760  secdrv - ok
13:55:08.0513 4760  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:55:08.0535 4760  seclogon - ok
13:55:08.0559 4760  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:55:08.0582 4760  SENS - ok
13:55:08.0590 4760  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:55:08.0611 4760  SensrSvc - ok
13:55:08.0627 4760  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:55:08.0661 4760  Serenum - ok
13:55:08.0697 4760  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:55:08.0725 4760  Serial - ok
13:55:08.0755 4760  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:55:08.0786 4760  sermouse - ok
13:55:08.0817 4760  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:55:08.0841 4760  SessionEnv - ok
13:55:08.0856 4760  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:55:08.0894 4760  sffdisk - ok
13:55:08.0918 4760  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:55:08.0932 4760  sffp_mmc - ok
13:55:08.0939 4760  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:55:08.0970 4760  sffp_sd - ok
13:55:08.0993 4760  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:55:09.0026 4760  sfloppy - ok
13:55:09.0085 4760  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:55:09.0116 4760  SharedAccess - ok
13:55:09.0127 4760  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:55:09.0169 4760  ShellHWDetection - ok
13:55:09.0187 4760  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:55:09.0198 4760  SiSRaid2 - ok
13:55:09.0211 4760  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:55:09.0220 4760  SiSRaid4 - ok
13:55:09.0297 4760  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:55:09.0410 4760  Skype C2C Service - ok
13:55:09.0449 4760  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:55:09.0526 4760  SkypeUpdate - ok
13:55:09.0552 4760  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:55:09.0593 4760  Smb - ok
13:55:09.0640 4760  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:55:09.0695 4760  SNMPTRAP - ok
13:55:09.0730 4760  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:55:09.0737 4760  spldr - ok
13:55:09.0852 4760  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:55:09.0891 4760  Spooler - ok
13:55:09.0948 4760  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:55:10.0003 4760  sppsvc - ok
13:55:10.0024 4760  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:55:10.0085 4760  sppuinotify - ok
13:55:10.0122 4760  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:55:10.0151 4760  srv - ok
13:55:10.0188 4760  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:55:10.0215 4760  srv2 - ok
13:55:10.0244 4760  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:55:10.0278 4760  srvnet - ok
13:55:10.0313 4760  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
13:55:10.0326 4760  ssadbus - ok
13:55:10.0334 4760  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:55:10.0343 4760  ssadmdfl - ok
13:55:10.0355 4760  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
13:55:10.0392 4760  ssadmdm - ok
13:55:10.0422 4760  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
13:55:10.0454 4760  ssadserd - ok
13:55:10.0475 4760  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:55:10.0524 4760  SSDPSRV - ok
13:55:10.0546 4760  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:55:10.0569 4760  SstpSvc - ok
13:55:10.0585 4760  Steam Client Service - ok
13:55:10.0599 4760  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:55:10.0610 4760  stexstor - ok
13:55:10.0661 4760  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:55:10.0710 4760  stisvc - ok
13:55:10.0732 4760  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:55:10.0740 4760  swenum - ok
13:55:10.0758 4760  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:55:10.0799 4760  swprv - ok
13:55:10.0851 4760  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:55:10.0892 4760  SysMain - ok
13:55:10.0928 4760  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:55:10.0942 4760  TabletInputService - ok
13:55:10.0956 4760  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:55:10.0998 4760  TapiSrv - ok
13:55:11.0017 4760  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:55:11.0056 4760  TBS - ok
13:55:11.0125 4760  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:55:11.0166 4760  Tcpip - ok
13:55:11.0200 4760  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:55:11.0225 4760  TCPIP6 - ok
13:55:11.0238 4760  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:55:11.0264 4760  tcpipreg - ok
13:55:11.0287 4760  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:55:11.0316 4760  TDPIPE - ok
13:55:11.0344 4760  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:55:11.0357 4760  TDTCP - ok
13:55:11.0388 4760  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:55:11.0410 4760  tdx - ok
13:55:11.0421 4760  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:55:11.0429 4760  TermDD - ok
13:55:11.0447 4760  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:55:11.0474 4760  TermService - ok
13:55:11.0487 4760  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:55:11.0514 4760  Themes - ok
13:55:11.0544 4760  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:55:11.0567 4760  THREADORDER - ok
13:55:11.0586 4760  [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr         C:\Windows\System32\tlntsvr.exe
13:55:11.0614 4760  TlntSvr - ok
13:55:11.0652 4760  [ 25F16B72A7CC494EAC01A90A44218456 ] TpMediaServer   C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
13:55:11.0666 4760  TpMediaServer - ok
13:55:11.0676 4760  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:55:11.0700 4760  TrkWks - ok
13:55:11.0730 4760  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:55:11.0761 4760  TrustedInstaller - ok
13:55:11.0783 4760  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:55:11.0805 4760  tssecsrv - ok
13:55:11.0848 4760  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:55:11.0878 4760  TsUsbFlt - ok
13:55:11.0915 4760  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:55:11.0955 4760  tunnel - ok
13:55:11.0991 4760  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:55:12.0013 4760  uagp35 - ok
13:55:12.0060 4760  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:55:12.0095 4760  udfs - ok
13:55:12.0151 4760  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:55:12.0180 4760  UI0Detect - ok
13:55:12.0215 4760  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:55:12.0224 4760  uliagpkx - ok
13:55:12.0253 4760  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
13:55:12.0284 4760  umbus - ok
13:55:12.0304 4760  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:55:12.0314 4760  UmPass - ok
13:55:12.0339 4760  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:55:12.0382 4760  upnphost - ok
13:55:12.0407 4760  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:55:12.0435 4760  usbccgp - ok
13:55:12.0453 4760  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:55:12.0486 4760  usbcir - ok
13:55:12.0508 4760  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:55:12.0536 4760  usbehci - ok
13:55:12.0558 4760  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:55:12.0587 4760  usbhub - ok
13:55:12.0604 4760  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:55:12.0633 4760  usbohci - ok
13:55:12.0655 4760  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:55:12.0690 4760  usbprint - ok
13:55:12.0710 4760  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:55:12.0719 4760  USBSTOR - ok
13:55:12.0729 4760  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:55:12.0778 4760  usbuhci - ok
13:55:12.0804 4760  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:55:12.0848 4760  UxSms - ok
13:55:12.0874 4760  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:55:12.0883 4760  VaultSvc - ok
13:55:12.0932 4760  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:55:12.0940 4760  vdrvroot - ok
13:55:12.0961 4760  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:55:13.0003 4760  vds - ok
13:55:13.0025 4760  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:55:13.0040 4760  vga - ok
13:55:13.0067 4760  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:55:13.0090 4760  VgaSave - ok
13:55:13.0106 4760  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:55:13.0115 4760  vhdmp - ok
13:55:13.0123 4760  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:55:13.0135 4760  viaide - ok
13:55:13.0145 4760  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:55:13.0153 4760  volmgr - ok
13:55:13.0172 4760  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:55:13.0183 4760  volmgrx - ok
13:55:13.0197 4760  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:55:13.0206 4760  volsnap - ok
13:55:13.0230 4760  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:55:13.0244 4760  vsmraid - ok
13:55:13.0288 4760  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:55:13.0323 4760  VSS - ok
13:55:13.0336 4760  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:55:13.0346 4760  vwifibus - ok
13:55:13.0354 4760  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:55:13.0392 4760  vwififlt - ok
13:55:13.0434 4760  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:55:13.0472 4760  vwifimp - ok
13:55:13.0513 4760  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:55:13.0556 4760  W32Time - ok
13:55:13.0580 4760  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:55:13.0608 4760  WacomPen - ok
13:55:13.0644 4760  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:55:13.0689 4760  WANARP - ok
13:55:13.0707 4760  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:55:13.0730 4760  Wanarpv6 - ok
13:55:13.0753 4760  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:55:13.0786 4760  wbengine - ok
13:55:13.0791 4760  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:55:13.0804 4760  WbioSrvc - ok
13:55:13.0834 4760  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:55:13.0848 4760  wcncsvc - ok
13:55:13.0861 4760  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:55:13.0870 4760  WcsPlugInService - ok
13:55:13.0881 4760  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:55:13.0889 4760  Wd - ok
13:55:13.0926 4760  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:55:13.0940 4760  Wdf01000 - ok
13:55:13.0950 4760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:55:14.0005 4760  WdiServiceHost - ok
13:55:14.0009 4760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:55:14.0022 4760  WdiSystemHost - ok
13:55:14.0056 4760  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:55:14.0088 4760  WebClient - ok
13:55:14.0114 4760  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:55:14.0159 4760  Wecsvc - ok
13:55:14.0185 4760  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:55:14.0226 4760  wercplsupport - ok
13:55:14.0259 4760  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:55:14.0282 4760  WerSvc - ok
13:55:14.0291 4760  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:55:14.0313 4760  WfpLwf - ok
13:55:14.0325 4760  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:55:14.0333 4760  WIMMount - ok
13:55:14.0346 4760  WinDefend - ok
13:55:14.0349 4760  WinHttpAutoProxySvc - ok
13:55:14.0380 4760  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:55:14.0404 4760  Winmgmt - ok
13:55:14.0441 4760  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:55:14.0477 4760  WinRM - ok
13:55:14.0498 4760  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:55:14.0517 4760  Wlansvc - ok
13:55:14.0535 4760  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:55:14.0568 4760  WmiAcpi - ok
13:55:14.0596 4760  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:55:14.0624 4760  wmiApSrv - ok
13:55:14.0648 4760  WMPNetworkSvc - ok
13:55:14.0665 4760  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:55:14.0674 4760  WPCSvc - ok
13:55:14.0696 4760  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:55:14.0707 4760  WPDBusEnum - ok
13:55:14.0715 4760  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:55:14.0760 4760  ws2ifsl - ok
13:55:14.0783 4760  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:55:14.0817 4760  wscsvc - ok
13:55:14.0819 4760  WSearch - ok
13:55:14.0894 4760  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:55:14.0944 4760  wuauserv - ok
13:55:14.0960 4760  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:55:14.0972 4760  WudfPf - ok
13:55:15.0003 4760  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:55:15.0015 4760  WUDFRd - ok
13:55:15.0023 4760  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:55:15.0050 4760  wudfsvc - ok
13:55:15.0070 4760  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:55:15.0102 4760  WwanSvc - ok
13:55:15.0125 4760  ================ Scan global ===============================
13:55:15.0143 4760  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:55:15.0169 4760  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:15.0177 4760  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:15.0201 4760  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:55:15.0214 4760  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:55:15.0217 4760  [Global] - ok
13:55:15.0217 4760  ================ Scan MBR ==================================
13:55:15.0227 4760  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:55:15.0303 4760  \Device\Harddisk0\DR0 - ok
13:55:15.0306 4760  [ 0FC924A0DCA9AE3DECE7129BEE4D474B ] \Device\Harddisk1\DR1
13:55:18.0687 4760  \Device\Harddisk1\DR1 - ok
13:55:18.0687 4760  ================ Scan VBR ==================================
13:55:18.0707 4760  [ 54ED33547CC659018B00F5002531AD76 ] \Device\Harddisk0\DR0\Partition1
13:55:18.0707 4760  \Device\Harddisk0\DR0\Partition1 - ok
13:55:18.0713 4760  [ 8ACA1D6651261D00377F09D39DE6554B ] \Device\Harddisk0\DR0\Partition2
13:55:18.0714 4760  \Device\Harddisk0\DR0\Partition2 - ok
13:55:18.0719 4760  [ 3059E20963AFA8B418CCBC82DAB956C9 ] \Device\Harddisk0\DR0\Partition3
13:55:18.0721 4760  \Device\Harddisk0\DR0\Partition3 - ok
13:55:18.0721 4760  ============================================================
13:55:18.0721 4760  Scan finished
13:55:18.0721 4760  ============================================================
13:55:18.0727 2868  Detected object count: 1
13:55:18.0727 2868  Actual detected object count: 1
13:55:24.0800 2868  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:24.0800 2868  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


21.12.2012, 13:26   #6
markusg
/// Malware-holic

Hi,
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

21.12.2012, 14:23   #7
dasthat

Code:
ComboFix 12-12-20.02 - Dustin 21.12.2012  15:08:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8154.6585 [GMT 1:00]
ausgeführt von:: c:\users\Dustin\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\explorer (2).exe
c:\program files (x86)\RelevantKnowledge\explorer.exe
c:\users\Dustin\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-21 bis 2012-12-21  ))))))))))))))))))))))))))))))
.
.
2012-12-21 11:59 . 2012-12-21 11:59	--------	d-----w-	C:\_OTL
2012-12-21 08:31 . 2012-12-21 08:31	388096	----a-r-	c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-21 08:31 . 2012-12-21 08:31	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-12-21 08:26 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 08:26 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 08:26 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 08:26 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 08:19 . 2012-07-11 16:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2012-12-21 08:18 . 2012-12-21 08:18	--------	d-----w-	c:\windows\ELAMBKUP
2012-12-21 08:18 . 2012-12-21 14:12	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-12-21 08:18 . 2012-12-21 08:18	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-12-21 08:18 . 2012-12-21 08:40	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2012-12-21 08:18 . 2012-08-13 17:24	89432	----a-w-	c:\windows\system32\drivers\klflt.sys
2012-12-21 07:25 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4453D7B-E248-421F-BB95-21116704D11D}\mpengine.dll
2012-12-15 18:57 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-15 18:57 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-15 18:57 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-10 18:39 . 2012-12-10 18:39	--------	d-----w-	c:\users\Dustin\AppData\Roaming\Audio Recorder for Free
2012-12-10 18:38 . 2012-12-10 18:38	--------	d-----w-	c:\program files (x86)\Audio Recorder for Free
2012-12-10 18:38 . 2005-05-18 10:52	1212416	----a-w-	c:\windows\SysWow64\NCTAudioInformation2.dll
2012-12-10 18:38 . 2005-05-17 11:37	1986560	----a-w-	c:\windows\SysWow64\NCTAudioFile2.dll
2012-12-10 18:38 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioRecord2.dll
2012-12-10 18:38 . 2005-04-25 12:01	458752	----a-w-	c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-12-10 18:38 . 2005-04-15 11:08	880640	----a-w-	c:\windows\SysWow64\NCTAudioEditor2.dll
2012-12-10 18:38 . 2005-04-04 16:21	602112	----a-w-	c:\windows\SysWow64\NCTAudioTransform2.dll
2012-12-10 18:38 . 2005-03-28 14:54	479232	----a-w-	c:\windows\SysWow64\NCTAudioVisualization2.dll
2012-12-10 18:38 . 2005-03-28 14:52	417792	----a-w-	c:\windows\SysWow64\NCTTextToAudio2.dll
2012-12-10 18:38 . 2005-02-24 10:51	348160	----a-w-	c:\windows\SysWow64\NCTWMAFile2.dll
2012-12-10 18:38 . 2004-11-04 12:31	835584	----a-w-	c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-12-10 18:38 . 2002-01-05 15:37	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2012-12-09 12:38 . 2012-12-09 12:46	--------	d-----w-	c:\users\Dustin\Ekahau Site Survey
2012-12-09 12:36 . 2012-12-09 12:36	--------	d-----w-	c:\program files\Ekahau
2012-11-29 19:33 . 2012-11-29 19:33	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2012-11-28 17:49 . 2012-05-31 11:25	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-21 08:40 . 2012-07-25 13:53	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-12-21 08:40 . 2012-06-08 10:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-12-21 08:40 . 2012-05-25 18:38	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-12-15 20:51 . 2012-07-03 06:42	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 20:49 . 2012-07-03 13:13	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 20:49 . 2012-07-03 13:13	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-02 14:38 . 2012-11-02 14:38	862664	----a-w-	c:\windows\SysWow64\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38	828872	----a-w-	c:\windows\system32\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38	661448	----a-w-	c:\windows\system32\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38	534480	----a-w-	c:\windows\SysWow64\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38	50856	----a-w-	c:\windows\system32\drivers\point64.sys
2012-11-02 14:38 . 2012-11-02 14:38	354264	----a-w-	c:\windows\system32\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38	251864	----a-w-	c:\windows\SysWow64\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2012-10-22 12:02 . 2012-10-22 12:02	154464	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 13:33	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:33	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:33	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48	63328	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 22:01	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 22:01	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 22:01	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 22:01	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32 . 2012-10-05 02:32	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-15 18:56	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 22:01	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 22:01	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 22:01	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 22:01	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 22:01	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 22:01	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 22:01	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 22:01	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 22:01	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 22:01	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 22:01	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 01:30 . 2012-10-02 01:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-09-28 21:32 . 2012-09-28 21:32	2177688	----a-w-	c:\windows\system32\coin92.dll
2012-09-25 22:47 . 2012-11-15 22:00	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 22:00	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
"Spotify Web Helper"="c:\users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-12-21 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe [2012-9-5 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [2011-03-14 619872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-12-21 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2012-03-23 27288]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [2011-03-14 451936]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-12-21 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-12-21 29528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://rautemusik-club.radio.de/
FF - prefs.js: network.proxy.ftp - 213.197.182.78
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 213.197.182.78
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 213.197.182.78
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-09 22:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-24 09:41; stealthyextension@gmail.com; c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\extensions\stealthyextension@gmail.com.xpi
FF - ExtSQL: 2012-12-21 09:18; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-12-21 09:18; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-12-21 09:18; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TP-LINK\COMMON\RaRegistry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-21  15:18:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-21 14:18
.
Vor Suchlauf: 9 Verzeichnis(se), 750.055.473.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 749.927.976.960 Bytes frei
.
- - End Of File - - AEAD7CB9BACB2EF42906EEE7FBF4684E
         

21.12.2012, 14:35   #8
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes and click "Aktualisierung" (Update) --> "Suche nach Aktualisierung" (Check for updates).
  • When the update has finished, select "Vollständiger Scan durchführen" (Perform full scan) and press "Scannen" (Scan).
  • When the scan has finished, click "Ergebnisse anzeigen" (Show results).
  • Make sure that all findings are checked and press "Entferne Auswahl" (Remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log Dateien" (Logs).
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

21.12.2012, 16:04   #9
dasthat

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dustin :: DUSTIN-PC [Administrator]

21.12.2012 16:14:40
mbam-log-2012-12-21 (16-14-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363029
Laufzeit: 31 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\explorer (2).exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\explorer.exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

21.12.2012, 16:12   #10
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After each one you do not know, "unbekannt" (unknown).
Post the list.

21.12.2012, 18:01   #11
dasthat

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 necessary
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 30.08.2012 121MB 10.1.4 necessary
ATI Catalyst Install Manager ATI Technologies, Inc. 03.07.2012 22,1MB 3.0.758.0 necessary
Audio Recorder for Free v12.9.8 Copyright(C) 2006-2012 AudioToolMedia Software. 10.12.2012 23,5MB ?
AVG 2013 AVG Technologies 08.11.2012 2013.0.2793 necessary? (maybe a better one?)
CCleaner Piriform 25.11.2012 3.25 necessary
Cisco EAP-FAST Module Cisco Systems, Inc. 05.09.2012 1,55MB 2.2.14 ?
Cisco LEAP Module Cisco Systems, Inc. 05.09.2012 644KB 1.0.19 ?
Cisco PEAP Module Cisco Systems, Inc. 05.09.2012 1,23MB 1.1.6 ?
Ekahau HeatMapper Ekahau Inc. 09.12.2012 131MB 1.1.4.39795 necessary
Flyff Gala Networks Europe Limited 09.11.2012 Flyff necessary
HiJackThis Trend Micro 21.12.2012 369KB 1.0.0 not necessary
ICQ7M ICQ 22.07.2012 7.8 necessary
Java 7 Update 6 Oracle 30.08.2012 128MB 7.0.60 (I think) necessary
Kaspersky Anti-Virus 2013 Kaspersky Lab 21.12.2012 13.0.1.4190 installed today for the virus
League of Legends Riot Games 03.07.2012 1.3 necessary
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 21.12.2012 19,4MB 1.65.1.1000 installed today
McAfee Security Scan Plus McAfee, Inc. 31.08.2012 10,2MB 3.0.207.4 not necessary?
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.07.2012 38,8MB 4.0.30320 ????
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.07.2012 2,93MB 4.0.30320 ????
Microsoft Office Excel Viewer Microsoft Corporation 04.11.2012 71,0MB 12.0.6219.1000 necessary
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 05.09.2012 90,8MB 12.0.4518.1014 ????
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.07.2012 428KB 8.0.56336 ????
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 03.07.2012 780KB 9.0.30729.4148 ????
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.07.2012 240KB 9.0.30729 ????
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03.07.2012 596KB 9.0.30729.4148 ????
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.10.2012 11,1MB 10.0.40219 ????
Microsoft-Maus- und Tastatur-Center Microsoft Corporation 29.11.2012 2.0.162.0 not necessary
Mozilla Firefox 17.0.1 (x86 de) Mozilla 07.12.2012 46,3MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 07.12.2012 329KB 17.0.1 ????
Pando Media Booster Pando Networks Inc. 31.08.2012 5,46MB 2.6.0.8 necessary
Realtek Ethernet Controller Driver Realtek 03.07.2012 7.49.927.2011 ?`?????
Samsung Kies Samsung Electronics Co., Ltd. 27.07.2012 210MB 2.3.2.12064_9 necessary
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 27.07.2012 42,9MB 1.5.6.0 necessary
Skype Click to Call Skype Technologies S.A. 22.08.2012 29,2MB 6.2.10687 necessary
Skype™ 5.10 Skype Technologies S.A. 22.08.2012 19,4MB 5.10.116 necessary
Spotify Spotify AB 27.10.2012 0.8.5.1333.g822e0de8 necessary
StarCraft II Blizzard Entertainment 27.10.2012 1.5.3.23260 necessary
Steam Valve 23.07.2012 42,1MB 1.0.0.0 necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 31.08.2012 3.0.8.1 necessary
Technitium MAC Address Changer v6.0.3 Technitium 31.08.2012 6.0.3 necessary
TP-LINK Wireless Client Utility TP-LINK 05.09.2012 1.0.0.0 necessary
Visual Studio 2008 x64 Redistributables AVG Technologies 03.07.2012 11,7MB 10.0.0.2 ?????
Visual Studio 2010 x64 Redistributables AVG Technologies 26.10.2012 12,4MB 13.0.0.1 ??????
Warcraft III Blizzard Entertainment 31.08.2012 necessary
Windows Media Player Firefox Plugin Microsoft Corp 31.08.2012 296KB 1.0.0.8 necessary
WinPcap 4.1.2 CACE Technologies 31.08.2012 4.1.0.2001 ???????
WinRAR 4.20 (32-Bit) win.rar GmbH 31.08.2012 4.20.0 necessary
Wireshark 1.8.1 (32-bit) The Wireshark developer community, hxxp://www.wireshark.org 31.08.2012 83,5MB 1.8.1 ? ??????

21.12.2012, 18:06   #12
markusg
/// Malware-holic

Hi,
uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
Audio Recorder
HiJackThis: hands off HJT on Win7;
the program is no longer being developed, and errors can occur during the analysis.
Java
Download the Java JRE:
Java Downloads for All Operating Systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
McAfee
WinPcap
Wireshark

Open CCleaner, Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

21.12.2012, 20:31   #13
dasthat

Code:
# AdwCleaner v2.101 - Datei am 21/12/2012 um 21:30:46 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dustin - DUSTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dustin\Downloads\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\Users\Dustin\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\prefs.js

Gefunden : user_pref("CT3242337.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT3242337.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gefunden : user_pref("CT3242337.1000234.TWC_TMP_city", "");
Gefunden : user_pref("CT3242337.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT3242337.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT3242337.FirstTime", "true");
Gefunden : user_pref("CT3242337.FirstTimeFF3", "true");
Gefunden : user_pref("CT3242337.UserID", "UN15653781204450368");
Gefunden : user_pref("CT3242337.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT3242337.embeddedsData", "[{\"appId\":\"129888260050636624\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT3242337.enableAlerts", "never");
Gefunden : user_pref("CT3242337.event_data", "%5B%5D");
Gefunden : user_pref("CT3242337.fired_events", "");
Gefunden : user_pref("CT3242337.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT3242337.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT3242337.fixUrls", true);
Gefunden : user_pref("CT3242337.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.isNewTabEnabled", true);
Gefunden : user_pref("CT3242337.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT3242337.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT3242337.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.key_date", "23");
Gefunden : user_pref("CT3242337.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforum.sysprofile[...]
Gefunden : user_pref("CT3242337.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.search.searchAppId", "129888260050636624");
Gefunden : user_pref("CT3242337.search.searchCount", "0");
Gefunden : user_pref("CT3242337.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT3242337.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345146818965");
Gefunden : user_pref("CT3242337.serviceLayer_services_appTracking_lastUpdate", "1345146821967");
Gefunden : user_pref("CT3242337.serviceLayer_services_appsMetadata_lastUpdate", "1345671662218");
Gefunden : user_pref("CT3242337.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345146820870");
Gefunden : user_pref("CT3242337.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345585747206");
Gefunden : user_pref("CT3242337.serviceLayer_services_login_10.10.27.6_lastUpdate", "1345735754050");
Gefunden : user_pref("CT3242337.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13456[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13456[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_optimizer_lastUpdate", "1345671662991");
Gefunden : user_pref("CT3242337.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345146820895");
Gefunden : user_pref("CT3242337.serviceLayer_services_searchAPI_lastUpdate", "1345670667824");
Gefunden : user_pref("CT3242337.serviceLayer_services_serviceMap_lastUpdate", "1345735753517");
Gefunden : user_pref("CT3242337.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345146820792");
Gefunden : user_pref("CT3242337.serviceLayer_services_toolbarSettings_lastUpdate", "1345735753604");
Gefunden : user_pref("CT3242337.serviceLayer_services_translation_lastUpdate", "1345735753665");
Gefunden : user_pref("CT3242337.settingsINI", true);
Gefunden : user_pref("CT3242337.smartbar.CTID", "CT3242337");
Gefunden : user_pref("CT3242337.smartbar.Uninstall", "0");
Gefunden : user_pref("CT3242337.smartbar.toolbarName", "WiseConvert 1.3 ");
Gefunden : user_pref("CT3242337.toolbarBornServerTime", "16-8-2012");
Gefunden : user_pref("CT3242337.toolbarCurrentServerTime", "23-8-2012");
Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.0.5");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [12268 octets] - [21/12/2012 21:30:46]
AdwCleaner[S1].txt - [13162 octets] - [24/08/2012 22:32:55]
AdwCleaner[S2].txt - [1142 octets] - [24/08/2012 22:42:54]

########## EOF - C:\AdwCleaner[R2].txt - [12450 octets] ##########
         

Alt 21.12.2012, 21:11   #14
markusg
/// Malware-holic
 

Hi,

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Restart, then please test how the PC and programs run.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
