
Log analysis and evaluation: Internet severely slowed down. Unusually many browser processes (dragon.exe*32)

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.08.2013, 17:27   #1
luapnrok
 

Hello, my internet has been severely slowed down for a few days.
I noticed that 5 processes of my browser are running (dragon.exe*32). My browser is Dragon Comodo.
I have already scanned with "defogger", "FRST" and "gmr"; you will find the log files in the attachment (unfortunately too large).
Attached files
File type: txt Addition.txt (11.7 KB, viewed 153 times)
File type: log defogger_disable.log (470 bytes, viewed 126 times)
File type: txt FRST.txt (16.6 KB, viewed 142 times)

14.08.2013, 17:34   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.



Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

15.08.2013, 06:16   #3
luapnrok
 



Hey, sorry, but the last log file was too large. Okay, should I post it again, or is that only for the future?

When I start Combofix, the following error appears:

Fehler beim Überschreiben der Datei: "C:\32788R22FWJFW\AWF.cmd"


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by Paul (administrator) on 13-08-2013 18:31:19
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22

==================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-27 01:06 - 2013-07-27 01:06 - 00002043 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-07-24 18:37 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 13:48 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 13:48 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 13:48 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-21 13:48 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 13:48 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 13:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-21 13:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 13:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 13:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 13:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 13:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 13:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 13:36 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-13 18:22 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-13 18:18 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-13 18:18 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-13 17:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 13:24 - 2013-05-30 12:26 - 01251201 _____ C:\Windows\WindowsUpdate.log
2013-08-13 08:34 - 2009-07-14 06:51 - 00048657 _____ C:\Windows\setupact.log
2013-08-13 06:10 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 06:10 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 06:07 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-13 06:07 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-13 06:07 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 06:02 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-13 06:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-27 01:06 - 2013-07-27 01:06 - 00002043 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-07-24 18:38 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 14:29 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 14:27 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 14:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 14:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-21 13:36 - 2013-06-01 15:45 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2013-07-21 13:36 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 13:36 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 13:36 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:31

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2013 01
Ran by Paul at 2013-08-13 18:31:51
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Comodo Dragon (x32 Version: 28.1.0.0)
COMODO Internet Security Premium (Version: 6.1.13008.2801)
GeekBuddy (x32 Version: 4.8.66)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mein CEWE FOTOBUCH (x32 Version: 5.0.3)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Pando Media Booster (x32 Version: 2.6.0.9)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
SHIELD Streaming (Version: 1.05.19)
Skype™ 6.7 (x32 Version: 6.7.102)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

==================== Restore Points  =========================

01-08-2013 18:48:48 Geplanter Prüfpunkt
10-08-2013 17:35:04 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4F9FBC30-7EA2-4F95-A9C3-C56BC1D7FDAE} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {7021D224-1745-41AA-ADAB-13107F94BDB5} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => D:\Programme\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {7EB74C95-64A4-4DD1-A4F9-B14704FED6C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-21] (Adobe Systems Incorporated)
Task: {9E919F1A-1DBE-4253-8C70-6A09F9D54627} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {AB56845E-6B0A-46E4-87A4-FA4825074ACD} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {BA9974A5-FCBE-48D3-AB12-EC68571DA8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {CDEAD8BE-4F3D-41FA-B4D1-5C5B18AFC4D2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D8D8F939-3BEA-4B33-B170-14CE526A8880} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Camera         
Description: Camera         
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2013 06:04:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 06:02:59 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/13/2013 06:02:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/12/2013 05:15:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 05:13:45 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/12/2013 05:13:44 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/11/2013 04:13:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 04:11:34 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/11/2013 04:11:33 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/10/2013 09:54:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/13/2013 06:02:59 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (08/13/2013 06:02:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (08/12/2013 05:13:47 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (08/12/2013 05:13:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (08/11/2013 04:11:34 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (08/11/2013 04:11:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (08/10/2013 09:52:52 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (08/10/2013 09:52:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (08/10/2013 02:57:32 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CFRMD

Error: (08/10/2013 02:57:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (08/13/2013 06:04:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 06:02:59 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/13/2013 06:02:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/12/2013 05:15:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 05:13:45 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/12/2013 05:13:44 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/11/2013 04:13:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 04:11:34 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (08/11/2013 04:11:33 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (08/10/2013 09:54:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4094.42 MB
Available physical RAM: 2635.94 MB
Total Pagefile: 8187.03 MB
Available Pagefile: 6135.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:53.61 GB) (Free:24.43 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:877.8 GB) (Free:846.46 GB) NTFS (Disk=0 Partition=3)
Drive e: (OBLIVION) (CDROM) (Total:7.28 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 241C6624)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=878 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:02 on 14/08/2013 (Paul)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Alt 15.08.2013, 14:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Delete ComboFix and download it again, then try once more.
__________________
Regards,
schrauber


Alt 17.08.2013, 06:48   #5
luapnrok
 



Code:
ComboFix 13-08-16.03 - Paul 17.08.2013   7:17.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2713 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-17 bis 2013-08-17  ))))))))))))))))))))))))))))))
.
.
2013-08-17 05:41 . 2013-08-17 05:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-17 05:41 . 2013-08-17 05:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-14 06:29 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-14 06:29 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-14 06:29 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-14 06:29 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-14 06:29 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-14 06:29 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-13 16:30 . 2013-08-13 16:30	--------	d-----w-	C:\FRST
2013-08-10 17:04 . 2013-08-10 17:06	--------	d-----w-	c:\users\Paul\AppData\Roaming\Skype
2013-08-10 17:04 . 2013-08-10 17:04	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-08-10 17:04 . 2013-08-10 17:04	--------	d-----r-	c:\program files (x86)\Skype
2013-08-10 17:03 . 2013-08-10 17:04	--------	d-----w-	c:\programdata\Skype
2013-07-30 15:44 . 2013-07-30 15:44	--------	d-----w-	C:\NvidiaLogging
2013-07-30 15:42 . 2013-05-14 19:28	39712	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-07-30 15:42 . 2013-05-14 19:27	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-07-30 15:42 . 2013-05-14 19:27	28448	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-07-30 15:42 . 2013-07-30 15:42	--------	d-----w-	c:\users\Paul\AppData\Local\NVIDIA
2013-07-26 23:06 . 2013-07-26 23:06	--------	d-----w-	c:\program files (x86)\Common Files\COMODO
2013-07-24 16:37 . 2013-08-14 06:33	--------	d-----w-	c:\windows\system32\MRT
2013-07-21 11:43 . 2013-07-21 11:43	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-21 11:43 . 2013-07-21 11:43	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-07-21 11:42 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-21 11:42 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-21 11:37 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-21 11:37 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-21 11:37 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-21 11:37 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 11:37 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-21 11:37 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-21 11:37 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 11:36 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-21 11:35 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-21 11:35 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-21 11:35 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-21 11:35 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-21 11:35 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-21 11:35 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-21 11:35 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 06:32 . 2013-06-01 12:05	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-08-07 17:44 . 2013-06-01 12:20	48392	----a-w-	c:\windows\SysWow64\certsentry.dll
2013-08-07 17:44 . 2013-06-01 11:28	57096	----a-w-	c:\windows\system32\certsentry.dll
2013-07-21 11:36 . 2013-06-01 11:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 11:36 . 2013-06-01 11:20	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 06:28	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-08 20:59 . 2013-04-15 16:38	708632	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2013-06-21 12:06 . 2013-07-01 17:14	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 17:14	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 17:14	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 17:14	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 17:14	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 17:14	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 17:14	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 17:14	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 17:14	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-01 12:48	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-01 12:48	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-25 22:32	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 22:32	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-01 12:49	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-01 12:49	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-01 12:49	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-01 12:49	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-01 12:49	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-01 12:49	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-18 15:16 . 2013-04-15 16:38	96800	----a-w-	c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 16:38	48360	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 16:38	23168	----a-w-	c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 16:38	43216	----a-w-	c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-15 16:38	348584	----a-w-	c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-15 16:38	437688	----a-w-	c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 16:38	45784	----a-w-	c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 16:38	344792	----a-w-	c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 16:38	278232	----a-w-	c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 16:38	40664	----a-w-	c:\windows\SysWow64\cmdkbd32.dll
2013-06-13 06:09 . 2013-06-13 06:09	55496	----a-w-	c:\windows\SysWow64\offreg.dll
2013-06-11 23:48 . 2013-06-11 22:48	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-02 20:37 . 2013-06-02 20:37	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-02 20:37 . 2013-06-02 20:37	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-02 20:37 . 2013-06-02 20:37	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-02 20:37 . 2013-06-02 20:37	188320	----a-w-	c:\windows\system32\java.exe
2013-06-01 12:39 . 2013-06-01 12:39	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-01 12:39 . 2013-06-01 12:39	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-01 12:39 . 2013-06-01 12:39	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-01 12:39 . 2013-06-01 12:39	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-01 12:39 . 2013-06-01 12:39	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-01 12:39 . 2013-06-01 12:39	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-01 12:39 . 2013-06-01 12:39	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-01 12:39 . 2013-06-01 12:39	441856	----a-w-	c:\windows\system32\html.iec
2013-06-01 12:39 . 2013-06-01 12:39	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-01 12:39 . 2013-06-01 12:39	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-01 12:39 . 2013-06-01 12:39	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-01 12:39 . 2013-06-01 12:39	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-01 12:39 . 2013-06-01 12:39	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-01 12:39 . 2013-06-01 12:39	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-01 12:39 . 2013-06-01 12:39	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-01 12:39 . 2013-06-01 12:39	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-01 12:39 . 2013-06-01 12:39	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-01 12:39 . 2013-06-01 12:39	235008	----a-w-	c:\windows\system32\url.dll
2013-06-01 12:39 . 2013-06-01 12:39	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programme\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: NameServer = 156.154.70.22,156.154.71.22
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-17  07:46:02
ComboFix-quarantined-files.txt  2013-08-17 05:46
.
Vor Suchlauf: 9 Verzeichnis(se), 26.170.535.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 26.589.069.312 Bytes frei
.
- - End Of File - - 6B020B379705BD7FA5540CE1A7E2D89F
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 17.08.2013, 23:38   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Alt 19.08.2013, 14:32   #7
luapnrok
 



Code:
15:30:11.0249 5268  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:30:11.0537 5268  ============================================================
15:30:11.0537 5268  Current date / time: 2013/08/19 15:30:11.0537
15:30:11.0537 5268  SystemInfo:
15:30:11.0537 5268  
15:30:11.0537 5268  OS Version: 6.1.7601 ServicePack: 1.0
15:30:11.0537 5268  Product type: Workstation
15:30:11.0538 5268  ComputerName: PAUL-PC
15:30:11.0538 5268  UserName: Paul
15:30:11.0538 5268  Windows directory: C:\Windows
15:30:11.0538 5268  System windows directory: C:\Windows
15:30:11.0538 5268  Running under WOW64
15:30:11.0538 5268  Processor architecture: Intel x64
15:30:11.0538 5268  Number of processors: 4
15:30:11.0538 5268  Page size: 0x1000
15:30:11.0538 5268  Boot type: Normal boot
15:30:11.0538 5268  ============================================================
15:30:12.0665 5268  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:30:12.0698 5268  ============================================================
15:30:12.0698 5268  \Device\Harddisk0\DR0:
15:30:12.0701 5268  MBR partitions:
15:30:12.0701 5268  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:30:12.0701 5268  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6B3A000
15:30:12.0701 5268  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6B6C800, BlocksNum 0x6DB99800
15:30:12.0701 5268  ============================================================
15:30:12.0716 5268  C: <-> \Device\Harddisk0\DR0\Partition2
15:30:12.0736 5268  D: <-> \Device\Harddisk0\DR0\Partition3
15:30:12.0737 5268  ============================================================
15:30:12.0737 5268  Initialize success
15:30:12.0737 5268  ============================================================
15:30:45.0173 5700  ============================================================
15:30:45.0174 5700  Scan started
15:30:45.0174 5700  Mode: Manual; SigCheck; TDLFS; 
15:30:45.0174 5700  ============================================================
15:30:48.0218 5700  ================ Scan system memory ========================
15:30:48.0218 5700  System memory - ok
15:30:48.0219 5700  ================ Scan services =============================
15:30:48.0338 5700  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:30:48.0427 5700  1394ohci - ok
15:30:48.0447 5700  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:30:48.0466 5700  ACPI - ok
15:30:48.0484 5700  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:30:48.0525 5700  AcpiPmi - ok
15:30:48.0586 5700  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:30:48.0601 5700  AdobeARMservice - ok
15:30:48.0683 5700  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:30:48.0699 5700  AdobeFlashPlayerUpdateSvc - ok
15:30:48.0730 5700  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:30:48.0752 5700  adp94xx - ok
15:30:48.0774 5700  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:30:48.0791 5700  adpahci - ok
15:30:48.0800 5700  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:30:48.0815 5700  adpu320 - ok
15:30:48.0835 5700  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:30:48.0917 5700  AeLookupSvc - ok
15:30:48.0950 5700  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:30:48.0996 5700  AFD - ok
15:31:02.0807 5700  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:31:02.0847 5700  ql2300 - ok
15:31:02.0864 5700  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:31:02.0880 5700  ql40xx - ok
15:31:02.0904 5700  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:31:02.0927 5700  QWAVE - ok
15:31:02.0933 5700  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:31:02.0959 5700  QWAVEdrv - ok
15:31:02.0973 5700  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:31:03.0011 5700  RasAcd - ok
15:31:03.0033 5700  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:31:03.0071 5700  RasAgileVpn - ok
15:31:03.0084 5700  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:31:03.0124 5700  RasAuto - ok
15:31:03.0149 5700  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:31:03.0197 5700  Rasl2tp - ok
15:31:03.0225 5700  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:31:03.0265 5700  RasMan - ok
15:31:03.0289 5700  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:31:03.0338 5700  RasPppoe - ok
15:31:03.0357 5700  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:31:03.0403 5700  RasSstp - ok
15:31:03.0422 5700  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:31:03.0469 5700  rdbss - ok
15:31:03.0487 5700  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:31:03.0511 5700  rdpbus - ok
15:31:03.0523 5700  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:31:03.0559 5700  RDPCDD - ok
15:31:03.0582 5700  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:31:03.0601 5700  RDPDR - ok
15:31:03.0616 5700  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:31:03.0658 5700  RDPENCDD - ok
15:31:03.0675 5700  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:31:03.0713 5700  RDPREFMP - ok
15:31:03.0756 5700  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:31:03.0792 5700  RdpVideoMiniport - ok
15:31:03.0817 5700  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:31:03.0846 5700  RDPWD - ok
15:31:03.0863 5700  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:31:03.0881 5700  rdyboost - ok
15:31:03.0905 5700  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:31:03.0942 5700  RemoteAccess - ok
15:31:03.0959 5700  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:31:04.0006 5700  RemoteRegistry - ok
15:31:04.0018 5700  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:31:04.0055 5700  RpcEptMapper - ok
15:31:04.0067 5700  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:31:04.0091 5700  RpcLocator - ok
15:31:04.0112 5700  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:31:04.0151 5700  RpcSs - ok
15:31:04.0177 5700  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:31:04.0216 5700  rspndr - ok
15:31:04.0241 5700  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:31:04.0262 5700  s3cap - ok
15:31:04.0275 5700  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:31:04.0291 5700  SamSs - ok
15:31:04.0307 5700  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:31:04.0321 5700  sbp2port - ok
15:31:04.0344 5700  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:31:04.0382 5700  SCardSvr - ok
15:31:04.0391 5700  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:31:04.0435 5700  scfilter - ok
15:31:04.0468 5700  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:31:04.0527 5700  Schedule - ok
15:31:04.0549 5700  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:31:04.0584 5700  SCPolicySvc - ok
15:31:04.0598 5700  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:31:04.0631 5700  SDRSVC - ok
15:31:04.0660 5700  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:31:04.0704 5700  secdrv - ok
15:31:04.0723 5700  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:31:04.0758 5700  seclogon - ok
15:31:04.0771 5700  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:31:04.0809 5700  SENS - ok
15:31:04.0818 5700  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:31:04.0841 5700  SensrSvc - ok
15:31:04.0855 5700  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:31:04.0881 5700  Serenum - ok
15:31:04.0908 5700  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:31:04.0930 5700  Serial - ok
15:31:04.0952 5700  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:31:04.0977 5700  sermouse - ok
15:31:05.0005 5700  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:31:05.0048 5700  SessionEnv - ok
15:31:05.0059 5700  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:31:05.0077 5700  sffdisk - ok
15:31:05.0085 5700  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:31:05.0104 5700  sffp_mmc - ok
15:31:05.0113 5700  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:31:05.0139 5700  sffp_sd - ok
15:31:05.0154 5700  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:31:05.0176 5700  sfloppy - ok
15:31:05.0195 5700  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:31:05.0245 5700  SharedAccess - ok
15:31:05.0269 5700  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:31:05.0318 5700  ShellHWDetection - ok
15:31:05.0340 5700  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:31:05.0354 5700  SiSRaid2 - ok
15:31:05.0360 5700  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:31:05.0375 5700  SiSRaid4 - ok
15:31:05.0396 5700  [ 004179B6C039D39B71FBE3D07C5DFE79 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:31:05.0409 5700  SkypeUpdate - ok
15:31:05.0419 5700  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:31:05.0467 5700  Smb - ok
15:31:05.0492 5700  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:31:05.0520 5700  SNMPTRAP - ok
15:31:05.0535 5700  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:31:05.0548 5700  spldr - ok
15:31:05.0580 5700  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:31:05.0608 5700  Spooler - ok
15:31:05.0673 5700  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:31:05.0750 5700  sppsvc - ok
15:31:05.0764 5700  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:31:05.0802 5700  sppuinotify - ok
15:31:05.0828 5700  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:31:05.0859 5700  srv - ok
15:31:05.0874 5700  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:31:05.0899 5700  srv2 - ok
15:31:05.0915 5700  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:31:05.0931 5700  srvnet - ok
15:31:05.0957 5700  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:31:05.0997 5700  SSDPSRV - ok
15:31:06.0007 5700  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:31:06.0044 5700  SstpSvc - ok
15:31:06.0087 5700  [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:31:06.0108 5700  Stereo Service - ok
15:31:06.0131 5700  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:31:06.0144 5700  stexstor - ok
15:31:06.0175 5700  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:31:06.0208 5700  stisvc - ok
15:31:06.0229 5700  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:31:06.0242 5700  storflt - ok
15:31:06.0254 5700  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:31:06.0286 5700  StorSvc - ok
15:31:06.0295 5700  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:31:06.0308 5700  storvsc - ok
15:31:06.0326 5700  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:31:06.0339 5700  swenum - ok
15:31:06.0365 5700  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:31:06.0419 5700  swprv - ok
15:31:06.0461 5700  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:31:06.0512 5700  SysMain - ok
15:31:06.0526 5700  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:31:06.0548 5700  TabletInputService - ok
15:31:06.0569 5700  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:31:06.0627 5700  TapiSrv - ok
15:31:06.0647 5700  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:31:06.0684 5700  TBS - ok
15:31:06.0728 5700  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:31:06.0774 5700  Tcpip - ok
15:31:06.0802 5700  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:31:06.0842 5700  TCPIP6 - ok
15:31:06.0863 5700  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:31:06.0877 5700  tcpipreg - ok
15:31:06.0893 5700  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:31:06.0927 5700  TDPIPE - ok
15:31:06.0945 5700  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:31:06.0969 5700  TDTCP - ok
15:31:06.0991 5700  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:31:07.0028 5700  tdx - ok
15:31:07.0040 5700  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:31:07.0053 5700  TermDD - ok
15:31:07.0079 5700  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:31:07.0124 5700  TermService - ok
15:31:07.0134 5700  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:31:07.0155 5700  Themes - ok
15:31:07.0170 5700  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:31:07.0209 5700  THREADORDER - ok
15:31:07.0225 5700  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:31:07.0273 5700  TrkWks - ok
15:31:07.0302 5700  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:07.0337 5700  TrustedInstaller - ok
15:31:07.0354 5700  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:07.0377 5700  tssecsrv - ok
15:31:07.0403 5700  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:31:07.0433 5700  TsUsbFlt - ok
15:31:07.0455 5700  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:31:07.0469 5700  TsUsbGD - ok
15:31:07.0500 5700  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:31:07.0540 5700  tunnel - ok
15:31:07.0550 5700  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:31:07.0565 5700  uagp35 - ok
15:31:07.0583 5700  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:31:07.0625 5700  udfs - ok
15:31:07.0652 5700  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:31:07.0675 5700  UI0Detect - ok
15:31:07.0684 5700  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:31:07.0700 5700  uliagpkx - ok
15:31:07.0732 5700  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:31:07.0754 5700  umbus - ok
15:31:07.0772 5700  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:31:07.0794 5700  UmPass - ok
15:31:07.0817 5700  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:31:07.0841 5700  UmRdpService - ok
15:31:07.0864 5700  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:31:07.0912 5700  upnphost - ok
15:31:07.0947 5700  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:31:07.0970 5700  USBAAPL64 - ok
15:31:08.0011 5700  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:31:08.0040 5700  usbaudio - ok
15:31:08.0073 5700  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:08.0103 5700  usbccgp - ok
15:31:08.0127 5700  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:31:08.0146 5700  usbcir - ok
15:31:08.0161 5700  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:31:08.0188 5700  usbehci - ok
15:31:08.0223 5700  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:31:08.0250 5700  usbhub - ok
15:31:08.0267 5700  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:31:08.0286 5700  usbohci - ok
15:31:08.0307 5700  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:31:08.0328 5700  usbprint - ok
15:31:08.0338 5700  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:08.0364 5700  USBSTOR - ok
15:31:08.0377 5700  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:31:08.0400 5700  usbuhci - ok
15:31:08.0418 5700  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:31:08.0462 5700  UxSms - ok
15:31:08.0482 5700  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:31:08.0497 5700  VaultSvc - ok
15:31:08.0523 5700  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:31:08.0537 5700  vdrvroot - ok
15:31:08.0555 5700  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:31:08.0605 5700  vds - ok
15:31:08.0620 5700  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:08.0637 5700  vga - ok
15:31:08.0646 5700  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:31:08.0691 5700  VgaSave - ok
15:31:08.0698 5700  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:31:08.0715 5700  vhdmp - ok
15:31:08.0731 5700  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:31:08.0744 5700  viaide - ok
15:31:08.0768 5700  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:31:08.0783 5700  vmbus - ok
15:31:08.0795 5700  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:31:08.0814 5700  VMBusHID - ok
15:31:08.0828 5700  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:31:08.0843 5700  volmgr - ok
15:31:08.0860 5700  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:31:08.0879 5700  volmgrx - ok
15:31:08.0895 5700  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:31:08.0914 5700  volsnap - ok
15:31:08.0936 5700  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:31:08.0952 5700  vsmraid - ok
15:31:08.0993 5700  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:31:09.0059 5700  VSS - ok
15:31:09.0081 5700  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:31:09.0106 5700  vwifibus - ok
15:31:09.0125 5700  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:31:09.0154 5700  vwififlt - ok
15:31:09.0175 5700  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:31:09.0220 5700  W32Time - ok
15:31:09.0238 5700  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:31:09.0259 5700  WacomPen - ok
15:31:09.0284 5700  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:31:09.0326 5700  WANARP - ok
15:31:09.0331 5700  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:31:09.0366 5700  Wanarpv6 - ok
15:31:09.0404 5700  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:31:09.0455 5700  wbengine - ok
15:31:09.0476 5700  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:31:09.0500 5700  WbioSrvc - ok
15:31:09.0514 5700  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:31:09.0544 5700  wcncsvc - ok
15:31:09.0559 5700  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:31:09.0593 5700  WcsPlugInService - ok
15:31:09.0613 5700  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:31:09.0626 5700  Wd - ok
15:31:09.0652 5700  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:31:09.0680 5700  Wdf01000 - ok
15:31:09.0709 5700  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:31:09.0943 5700  WdiServiceHost - ok
15:31:09.0950 5700  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:31:09.0973 5700  WdiSystemHost - ok
15:31:09.0992 5700  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:31:10.0023 5700  WebClient - ok
15:31:10.0051 5700  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:31:10.0097 5700  Wecsvc - ok
15:31:10.0115 5700  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:31:10.0153 5700  wercplsupport - ok
15:31:10.0170 5700  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:31:10.0208 5700  WerSvc - ok
15:31:10.0233 5700  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:31:10.0273 5700  WfpLwf - ok
15:31:10.0291 5700  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:31:10.0304 5700  WIMMount - ok
15:31:10.0323 5700  WinDefend - ok
15:31:10.0343 5700  WinHttpAutoProxySvc - ok
15:31:10.0395 5700  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:31:10.0447 5700  Winmgmt - ok
15:31:10.0499 5700  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:31:10.0595 5700  WinRM - ok
15:31:10.0640 5700  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:31:10.0669 5700  WinUsb - ok
15:31:10.0699 5700  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:31:10.0759 5700  Wlansvc - ok
15:31:10.0778 5700  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:31:10.0792 5700  WmiAcpi - ok
15:31:10.0812 5700  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:31:10.0837 5700  wmiApSrv - ok
15:31:10.0865 5700  WMPNetworkSvc - ok
15:31:10.0891 5700  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:31:10.0922 5700  WPCSvc - ok
15:31:10.0935 5700  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:31:10.0955 5700  WPDBusEnum - ok
15:31:10.0980 5700  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:31:11.0021 5700  ws2ifsl - ok
15:31:11.0043 5700  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:31:11.0080 5700  wscsvc - ok
15:31:11.0086 5700  WSearch - ok
15:31:11.0147 5700  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:31:11.0226 5700  wuauserv - ok
15:31:11.0251 5700  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:31:11.0282 5700  WudfPf - ok
15:31:11.0308 5700  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:31:11.0341 5700  WUDFRd - ok
15:31:11.0366 5700  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:31:11.0397 5700  wudfsvc - ok
15:31:11.0418 5700  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:31:11.0444 5700  WwanSvc - ok
15:31:11.0462 5700  ================ Scan global ===============================
15:31:11.0481 5700  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:31:11.0508 5700  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:31:11.0523 5700  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:31:11.0551 5700  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:31:11.0569 5700  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:31:11.0573 5700  [Global] - ok
15:31:11.0573 5700  ================ Scan MBR ==================================
15:31:11.0580 5700  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:31:11.0809 5700  \Device\Harddisk0\DR0 - ok
15:31:11.0810 5700  ================ Scan VBR ==================================
15:31:11.0813 5700  [ F29A84883D78A7AE317BB2E0D281638C ] \Device\Harddisk0\DR0\Partition1
15:31:11.0814 5700  \Device\Harddisk0\DR0\Partition1 - ok
15:31:11.0847 5700  [ 92FECA44CB22B3E92B545BDB655A30C5 ] \Device\Harddisk0\DR0\Partition2
15:31:11.0848 5700  \Device\Harddisk0\DR0\Partition2 - ok
15:31:11.0858 5700  [ 650275C481093A3AAC06A87BCB781A10 ] \Device\Harddisk0\DR0\Partition3
15:31:11.0859 5700  \Device\Harddisk0\DR0\Partition3 - ok
15:31:11.0859 5700  ============================================================
15:31:11.0859 5700  Scan finished
15:31:11.0859 5700  ============================================================
15:31:11.0872 5692  Detected object count: 0
15:31:11.0872 5692  Actual detected object count: 0
15:31:42.0300 5220  Deinitialize success
         

20.08.2013, 10:39   #8
schrauber
/// the machine
/// TB-Ausbilder

Delete Combofix and download it again, run it once more, and please post the log file.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.08.2013, 18:58   #9
luapnrok

Code:
ComboFix 13-08-20.01 - Paul 21.08.2013  19:40:21.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2740 [GMT 2:00]
ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\erdnt\cache86\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-21 bis 2013-08-21  ))))))))))))))))))))))))))))))
.
.
2013-08-21 17:48 . 2013-08-21 17:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-21 17:48 . 2013-08-21 17:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-20 16:29 . 2013-08-20 16:29	--------	d-----w-	c:\program files\iPod
2013-08-20 16:29 . 2013-08-20 16:29	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 16:29 . 2013-08-20 16:29	--------	d-----w-	c:\program files\iTunes
2013-08-14 06:29 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-14 06:29 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-14 06:29 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-14 06:29 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-14 06:29 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-14 06:29 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-13 16:30 . 2013-08-13 16:30	--------	d-----w-	C:\FRST
2013-08-10 17:04 . 2013-08-10 17:06	--------	d-----w-	c:\users\Paul\AppData\Roaming\Skype
2013-08-10 17:04 . 2013-08-10 17:04	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-08-10 17:04 . 2013-08-10 17:04	--------	d-----r-	c:\program files (x86)\Skype
2013-08-10 17:03 . 2013-08-10 17:04	--------	d-----w-	c:\programdata\Skype
2013-07-30 15:44 . 2013-07-30 15:44	--------	d-----w-	C:\NvidiaLogging
2013-07-30 15:42 . 2013-05-14 19:28	39712	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-07-30 15:42 . 2013-05-14 19:27	29984	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-07-30 15:42 . 2013-05-14 19:27	28448	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-07-30 15:42 . 2013-07-30 15:42	--------	d-----w-	c:\users\Paul\AppData\Local\NVIDIA
2013-07-26 23:06 . 2013-07-26 23:06	--------	d-----w-	c:\program files (x86)\Common Files\COMODO
2013-07-24 16:37 . 2013-08-14 06:33	--------	d-----w-	c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 06:32 . 2013-06-01 12:05	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-08-07 17:44 . 2013-06-01 12:20	48392	----a-w-	c:\windows\SysWow64\certsentry.dll
2013-08-07 17:44 . 2013-06-01 11:28	57096	----a-w-	c:\windows\system32\certsentry.dll
2013-07-21 11:36 . 2013-06-01 11:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 11:36 . 2013-06-01 11:20	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 06:28	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-08 20:59 . 2013-04-15 16:38	708632	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2013-06-21 12:06 . 2013-07-01 17:14	9239344	----a-w-	c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14	7687592	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14	7641832	----a-w-	c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14	6324360	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14	572704	----a-w-	c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 17:14	570656	----a-w-	c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 17:14	467232	----a-w-	c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 17:14	465184	----a-w-	c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 17:14	2953504	----a-w-	c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14	27781920	----a-w-	c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 17:14	2777888	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14	2363680	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14	21102368	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 17:14	2002720	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14	1832224	----a-w-	c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14	15144928	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 17:14	1511712	----a-w-	c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14	13411896	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 17:14	11235104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-01 12:48	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-01 12:48	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-25 22:32	2597856	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32	12427240	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32	2936208	----a-w-	c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 22:32	15920536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-01 12:49	6496544	----a-w-	c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-01 12:49	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-01 12:49	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-01 12:49	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-01 12:49	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-01 12:49	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16	566048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-06-18 15:16 . 2013-04-15 16:38	96800	----a-w-	c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 16:38	48360	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 16:38	23168	----a-w-	c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 16:38	43216	----a-w-	c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-15 16:38	348584	----a-w-	c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-15 16:38	437688	----a-w-	c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 16:38	45784	----a-w-	c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 16:38	344792	----a-w-	c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 16:38	278232	----a-w-	c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 16:38	40664	----a-w-	c:\windows\SysWow64\cmdkbd32.dll
2013-06-13 06:09 . 2013-06-13 06:09	55496	----a-w-	c:\windows\SysWow64\offreg.dll
2013-06-11 23:48 . 2013-06-11 22:48	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-05 03:34 . 2013-07-21 11:36	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-21 11:37	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-21 11:37	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-06-02 20:37 . 2013-06-02 20:37	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-02 20:37 . 2013-06-02 20:37	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-02 20:37 . 2013-06-02 20:37	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-02 20:37 . 2013-06-02 20:37	188320	----a-w-	c:\windows\system32\java.exe
2013-06-01 12:39 . 2013-06-01 12:39	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-01 12:39 . 2013-06-01 12:39	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-01 12:39 . 2013-06-01 12:39	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-01 12:39 . 2013-06-01 12:39	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-01 12:39 . 2013-06-01 12:39	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-01 12:39 . 2013-06-01 12:39	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-01 12:39 . 2013-06-01 12:39	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-01 12:39 . 2013-06-01 12:39	441856	----a-w-	c:\windows\system32\html.iec
2013-06-01 12:39 . 2013-06-01 12:39	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-01 12:39 . 2013-06-01 12:39	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-01 12:39 . 2013-06-01 12:39	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-01 12:39 . 2013-06-01 12:39	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-01 12:39 . 2013-06-01 12:39	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-01 12:39 . 2013-06-01 12:39	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-01 12:39 . 2013-06-01 12:39	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-01 12:39 . 2013-06-01 12:39	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-01 12:39 . 2013-06-01 12:39	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-01 12:39 . 2013-06-01 12:39	235008	----a-w-	c:\windows\system32\url.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programme\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: NameServer = 156.154.70.22,156.154.71.22
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-21  19:57:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-21 17:57
.
Vor Suchlauf: 12 Verzeichnis(se), 26.980.790.272 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 26.765.307.904 Bytes frei
.
- - End Of File - - 629A624AE7D72BB5A858CEB8D238475E
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 22.08.2013, 08:09   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber


Alt 22.08.2013, 18:19   #11
luapnrok
 



Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Paul :: PAUL-PC [Administrator]

22.08.2013 18:38:15
mbam-log-2013-08-22 (18-38-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240026
Laufzeit: 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v3.000 - Report created 22/08/2013 at 18:49:10
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


*************************

AdwCleaner[R0].txt - [633 octets] - [22/08/2013 18:48:41]
AdwCleaner[S0].txt - [555 octets] - [22/08/2013 18:49:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [614 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x64
Ran by Paul on 22.08.2013 at 18:54:29,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2013 at 19:14:17,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by Paul (administrator) on 22-08-2013 19:17:05
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22

==================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:52 - 2013-08-22 18:52 - 01021434 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-08-22 18:47 - 2013-08-22 18:49 - 00000000 ____D C:\AdwCleaner
2013-08-22 18:47 - 2013-08-22 18:47 - 00975858 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-08-22 18:34 - 2013-08-22 18:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-22 18:32 - 2013-08-22 18:32 - 01576476 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-17 07:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 07:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 07:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 08:37 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 08:37 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 08:37 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 08:37 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 08:37 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:37 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:36 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 08:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-24 18:37 - 2013-08-14 08:33 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-22 19:14 - 2013-08-22 19:14 - 00000624 _____ C:\Users\Paul\Desktop\JRT.txt
2013-08-22 18:57 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-22 18:57 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-22 18:57 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 18:57 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 18:57 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:52 - 2013-08-22 18:52 - 01021434 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-08-22 18:50 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-22 18:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 18:50 - 2009-07-14 06:51 - 00052801 _____ C:\Windows\setupact.log
2013-08-22 18:49 - 2013-08-22 18:47 - 00000000 ____D C:\AdwCleaner
2013-08-22 18:49 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-22 18:49 - 2013-05-30 12:26 - 01530855 _____ C:\Windows\WindowsUpdate.log
2013-08-22 18:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 18:47 - 2013-08-22 18:47 - 00975858 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-08-22 18:35 - 2013-08-22 18:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-22 18:32 - 2013-08-22 18:32 - 01576476 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-21 20:49 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:49 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 20:49 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-21 19:57 - 2013-06-07 12:41 - 00000000 ____D C:\Qoobox
2013-08-21 19:53 - 2013-06-07 12:40 - 00000000 ____D C:\Windows\erdnt
2013-08-21 19:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 19:49 - 2010-11-21 05:47 - 00006654 _____ C:\Windows\PFRO.log
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-20 18:24 - 2013-06-02 23:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-17 07:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 18:05 - 2013-06-28 14:31 - 00000000 ____D C:\Windows\Minidump
2013-08-14 09:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 08:33 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:32 - 2013-06-01 14:05 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-26 07:13 - 2013-08-14 08:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 08:37 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 08:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 08:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 08:36 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-14 08:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-14 08:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 08:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 08:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:31

==================== End Of Log ============================
         
--- --- ---

23.08.2013, 09:55   #12
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.08.2013, 16:29   #13
luapnrok

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5e5dfa7a573e4d4f87f53aa78e889373
# engine=14878
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-23 02:17:41
# local_time=2013-08-23 04:17:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 78660 15784705 0 0
# compatibility_mode=5893 16776574 100 94 2857794 128897311 0 0
# scanned=120766
# found=0
# cleaned=0
# scan_time=2524
         
Code:
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by Paul (administrator) on 23-08-2013 17:24:06
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22

==================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 16:47 - 2013-08-23 16:47 - 00891115 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-23 15:30 - 2013-08-23 15:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:47 - 2013-08-22 18:49 - 00000000 ____D C:\AdwCleaner
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-17 07:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 07:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 07:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 08:37 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 08:37 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 08:37 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 08:37 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 08:37 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:37 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:36 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 08:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-24 18:37 - 2013-08-14 08:33 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-23 17:23 - 2013-08-23 17:23 - 01576474 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-23 17:17 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-23 16:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 16:47 - 2013-08-23 16:47 - 00891115 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-08-23 15:35 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 15:35 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 15:32 - 2013-08-23 15:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-23 15:32 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-23 15:32 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-23 15:32 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 15:31 - 2013-05-30 12:26 - 01542936 _____ C:\Windows\WindowsUpdate.log
2013-08-23 15:30 - 2013-08-23 15:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-08-23 15:28 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-23 15:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 15:28 - 2009-07-14 06:51 - 00052969 _____ C:\Windows\setupact.log
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:49 - 2013-08-22 18:47 - 00000000 ____D C:\AdwCleaner
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-21 20:49 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:49 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 20:49 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-21 19:57 - 2013-06-07 12:41 - 00000000 ____D C:\Qoobox
2013-08-21 19:53 - 2013-06-07 12:40 - 00000000 ____D C:\Windows\erdnt
2013-08-21 19:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 19:49 - 2010-11-21 05:47 - 00006654 _____ C:\Windows\PFRO.log
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-20 18:24 - 2013-06-02 23:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-17 07:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 18:05 - 2013-06-28 14:31 - 00000000 ____D C:\Windows\Minidump
2013-08-14 09:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 08:33 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:32 - 2013-06-01 14:05 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-26 07:13 - 2013-08-14 08:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 08:37 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 08:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 08:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 08:36 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-14 08:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-14 08:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 08:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 08:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 19:46

==================== End Of Log ============================
         

Yes, the problem is still there.

24.08.2013, 09:05   #14
schrauber
/// the machine
/// TB trainer

Uninstall everything from Comodo and reinstall it, then test again.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.08.2013, 11:02   #15
luapnrok

Thank you very, very much!!!!
Everything is running again. Great!

Best regards, luapnrok
