Log analysis and evaluation: Internet severely slowed down. Unusually many browser processes (dragon.exe*32)
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
| | #1 |
| Hello, my internet has been severely slowed down for a few days. I noticed that 5 processes of my browser are running (dragon.exe*32). My browser is Dragon Comodo. I have already scanned with "defogger", "FRST" and "gmr"; you will find the log files in the attachment (unfortunately too large). |
| | #2 | |
| /// the machine /// TB trainer | Hi,
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ |
| | #3 |
| Hey, sorry, but the last log file was too large. Okay, should I post it again, or is that only for the future?
When I start Combofix, the following error appears: Fehler beim Überschreiben der Datei: "C:\32788R22FWJFW\AWF.cmd"
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by Paul (administrator) on 13-08-2013 18:31:19
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22
==================== Services (Whitelisted) =================
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-27 01:06 - 2013-07-27 01:06 - 00002043 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-07-24 18:37 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 13:48 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 13:48 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-21 13:48 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 13:48 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 13:48 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 13:48 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 13:48 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-21 13:48 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 13:48 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 13:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-21 13:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 13:42 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 13:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 13:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 13:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 13:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 13:36 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-13 18:22 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-13 18:18 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-13 18:18 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-13 17:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 13:24 - 2013-05-30 12:26 - 01251201 _____ C:\Windows\WindowsUpdate.log
2013-08-13 08:34 - 2009-07-14 06:51 - 00048657 _____ C:\Windows\setupact.log
2013-08-13 06:10 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 06:10 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 06:07 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-13 06:07 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-13 06:07 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 06:02 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-13 06:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-27 01:06 - 2013-07-27 01:06 - 00002043 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2013-07-24 18:38 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 14:29 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-21 14:27 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 14:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 14:27 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-21 13:43 - 2013-07-21 13:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-21 13:36 - 2013-06-01 15:45 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2013-07-21 13:36 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 13:36 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 13:36 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-12 19:31
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2013 01
Ran by Paul at 2013-08-13 18:31:51
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Comodo Dragon (x32 Version: 28.1.0.0)
COMODO Internet Security Premium (Version: 6.1.13008.2801)
GeekBuddy (x32 Version: 4.8.66)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mein CEWE FOTOBUCH (x32 Version: 5.0.3)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Pando Media Booster (x32 Version: 2.6.0.9)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
SHIELD Streaming (Version: 1.05.19)
Skype™ 6.7 (x32 Version: 6.7.102)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
==================== Restore Points =========================
01-08-2013 18:48:48 Geplanter Prüfpunkt
10-08-2013 17:35:04 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {4F9FBC30-7EA2-4F95-A9C3-C56BC1D7FDAE} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {7021D224-1745-41AA-ADAB-13107F94BDB5} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => D:\Programme\COMODO\COMODO Internet Security\cis.exe [2013-07-08] (COMODO)
Task: {7EB74C95-64A4-4DD1-A4F9-B14704FED6C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-21] (Adobe Systems Incorporated)
Task: {9E919F1A-1DBE-4253-8C70-6A09F9D54627} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {AB56845E-6B0A-46E4-87A4-FA4825074ACD} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {BA9974A5-FCBE-48D3-AB12-EC68571DA8FB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-08] (COMODO)
Task: {CDEAD8BE-4F3D-41FA-B4D1-5C5B18AFC4D2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D8D8F939-3BEA-4B33-B170-14CE526A8880} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
Name: Camera
Description: Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/13/2013 06:04:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/13/2013 06:02:59 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/13/2013 06:02:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/12/2013 05:15:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/12/2013 05:13:45 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/12/2013 05:13:44 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/11/2013 04:13:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/11/2013 04:11:34 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/11/2013 04:11:33 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/10/2013 09:54:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (08/13/2013 06:02:59 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD
Error: (08/13/2013 06:02:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126
Error: (08/12/2013 05:13:47 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD
Error: (08/12/2013 05:13:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126
Error: (08/11/2013 04:11:34 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD
Error: (08/11/2013 04:11:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126
Error: (08/10/2013 09:52:52 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD
Error: (08/10/2013 09:52:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126
Error: (08/10/2013 02:57:32 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: CFRMD
Error: (08/10/2013 02:57:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126
Microsoft Office Sessions:
=========================
Error: (08/13/2013 06:04:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/13/2013 06:02:59 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/13/2013 06:02:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/12/2013 05:15:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/12/2013 05:13:45 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/12/2013 05:13:44 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/11/2013 04:13:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/11/2013 04:11:34 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]
Error: (08/11/2013 04:11:33 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]
Error: (08/10/2013 09:54:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 4094.42 MB
Available physical RAM: 2635.94 MB
Total Pagefile: 8187.03 MB
Available Pagefile: 6135.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:53.61 GB) (Free:24.43 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:877.8 GB) (Free:846.46 GB) NTFS (Disk=0 Partition=3)
Drive e: (OBLIVION) (CDROM) (Total:7.28 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 241C6624)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=878 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:02 on 14/08/2013 (Paul)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
| | #4 |
| /// the machine /// TB trainer | Delete Combofix and download it again, then try once more.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #5 |
| Code:
ComboFix 13-08-16.03 - Paul 17.08.2013 7:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2713 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-17 bis 2013-08-17 ))))))))))))))))))))))))))))))
.
.
2013-08-17 05:41 . 2013-08-17 05:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-17 05:41 . 2013-08-17 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 06:29 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 06:29 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 06:29 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 06:29 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 06:29 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 06:29 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-13 16:30 . 2013-08-13 16:30 -------- d-----w- C:\FRST
2013-08-10 17:04 . 2013-08-10 17:06 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype
2013-08-10 17:04 . 2013-08-10 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-10 17:04 . 2013-08-10 17:04 -------- d-----r- c:\program files (x86)\Skype
2013-08-10 17:03 . 2013-08-10 17:04 -------- d-----w- c:\programdata\Skype
2013-07-30 15:44 . 2013-07-30 15:44 -------- d-----w- C:\NvidiaLogging
2013-07-30 15:42 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-07-30 15:42 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-07-30 15:42 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-07-30 15:42 . 2013-07-30 15:42 -------- d-----w- c:\users\Paul\AppData\Local\NVIDIA
2013-07-26 23:06 . 2013-07-26 23:06 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-07-24 16:37 . 2013-08-14 06:33 -------- d-----w- c:\windows\system32\MRT
2013-07-21 11:43 . 2013-07-21 11:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-21 11:43 . 2013-07-21 11:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-21 11:42 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-21 11:42 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-21 11:37 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-21 11:37 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-21 11:37 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-21 11:37 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 11:37 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-21 11:37 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-21 11:37 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 11:36 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-21 11:35 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-21 11:35 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-21 11:35 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-21 11:35 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-21 11:35 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-21 11:35 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-21 11:35 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 06:32 . 2013-06-01 12:05 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 17:44 . 2013-06-01 12:20 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-08-07 17:44 . 2013-06-01 11:28 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-07-21 11:36 . 2013-06-01 11:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 11:36 . 2013-06-01 11:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 06:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 20:59 . 2013-04-15 16:38 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-21 12:06 . 2013-07-01 17:14 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 17:14 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 17:14 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 17:14 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 17:14 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 17:14 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 17:14 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 17:14 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 17:14 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-01 12:48 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-01 12:48 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 22:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-01 12:49 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-01 12:49 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-01 12:49 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-01 12:49 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-01 12:49 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-01 12:49 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-18 15:16 . 2013-04-15 16:38 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 16:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 16:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 16:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-15 16:38 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-15 16:38 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 16:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 16:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 16:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 16:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-13 06:09 . 2013-06-13 06:09 55496 ----a-w- c:\windows\SysWow64\offreg.dll
2013-06-11 23:48 . 2013-06-11 22:48 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-02 20:37 . 2013-06-02 20:37 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-02 20:37 . 2013-06-02 20:37 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-02 20:37 . 2013-06-02 20:37 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-02 20:37 . 2013-06-02 20:37 188320 ----a-w- c:\windows\system32\java.exe
2013-06-01 12:39 . 2013-06-01 12:39 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-01 12:39 . 2013-06-01 12:39 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-01 12:39 . 2013-06-01 12:39 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-01 12:39 . 2013-06-01 12:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-01 12:39 . 2013-06-01 12:39 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-01 12:39 . 2013-06-01 12:39 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-01 12:39 . 2013-06-01 12:39 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-01 12:39 . 2013-06-01 12:39 441856 ----a-w- c:\windows\system32\html.iec
2013-06-01 12:39 . 2013-06-01 12:39 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-01 12:39 . 2013-06-01 12:39 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-01 12:39 . 2013-06-01 12:39 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-01 12:39 . 2013-06-01 12:39 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-01 12:39 . 2013-06-01 12:39 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-01 12:39 . 2013-06-01 12:39 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-01 12:39 . 2013-06-01 12:39 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-01 12:39 . 2013-06-01 12:39 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-01 12:39 . 2013-06-01 12:39 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-01 12:39 . 2013-06-01 12:39 235008 ----a-w- c:\windows\system32\url.dll
2013-06-01 12:39 . 2013-06-01 12:39 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programme\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: NameServer = 156.154.70.22,156.154.71.22
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-17 07:46:02
ComboFix-quarantined-files.txt 2013-08-17 05:46
.
Vor Suchlauf: 9 Verzeichnis(se), 26.170.535.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 26.589.069.312 Bytes frei
.
- - End Of File - - 6B020B379705BD7FA5540CE1A7E2D89F
A36C5E4F47E84449FF07ED3517B43A31
|
| | #6 |
| /// the machine /// TB-Ausbilder | Hi, please download
__________________ |
| | #7 |
| Code:
15:30:11.0249 5268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:30:11.0537 5268 ============================================================
15:30:11.0537 5268 Current date / time: 2013/08/19 15:30:11.0537
15:30:11.0537 5268 SystemInfo:
15:30:11.0537 5268
15:30:11.0537 5268 OS Version: 6.1.7601 ServicePack: 1.0
15:30:11.0537 5268 Product type: Workstation
15:30:11.0538 5268 ComputerName: PAUL-PC
15:30:11.0538 5268 UserName: Paul
15:30:11.0538 5268 Windows directory: C:\Windows
15:30:11.0538 5268 System windows directory: C:\Windows
15:30:11.0538 5268 Running under WOW64
15:30:11.0538 5268 Processor architecture: Intel x64
15:30:11.0538 5268 Number of processors: 4
15:30:11.0538 5268 Page size: 0x1000
15:30:11.0538 5268 Boot type: Normal boot
15:30:11.0538 5268 ============================================================
15:30:12.0665 5268 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:30:12.0698 5268 ============================================================
15:30:12.0698 5268 \Device\Harddisk0\DR0:
15:30:12.0701 5268 MBR partitions:
15:30:12.0701 5268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:30:12.0701 5268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6B3A000
15:30:12.0701 5268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6B6C800, BlocksNum 0x6DB99800
15:30:12.0701 5268 ============================================================
15:30:12.0716 5268 C: <-> \Device\Harddisk0\DR0\Partition2
15:30:12.0736 5268 D: <-> \Device\Harddisk0\DR0\Partition3
15:30:12.0737 5268 ============================================================
15:30:12.0737 5268 Initialize success
15:30:12.0737 5268 ============================================================
15:30:45.0173 5700 ============================================================
15:30:45.0174 5700 Scan started
15:30:45.0174 5700 Mode: Manual; SigCheck; TDLFS;
15:30:45.0174 5700 ============================================================
15:30:48.0218 5700 ================ Scan system memory ========================
15:30:48.0218 5700 System memory - ok
15:30:48.0219 5700 ================ Scan services =============================
15:30:48.0338 5700 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:30:48.0427 5700 1394ohci - ok
15:30:48.0447 5700 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:30:48.0466 5700 ACPI - ok
15:30:48.0484 5700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:30:48.0525 5700 AcpiPmi - ok
15:30:48.0586 5700 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:30:48.0601 5700 AdobeARMservice - ok
15:30:48.0683 5700 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:30:48.0699 5700 AdobeFlashPlayerUpdateSvc - ok
15:30:48.0730 5700 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:30:48.0752 5700 adp94xx - ok
15:30:48.0774 5700 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:30:48.0791 5700 adpahci - ok
15:30:48.0800 5700 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:30:48.0815 5700 adpu320 - ok
15:30:48.0835 5700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:30:48.0917 5700 AeLookupSvc - ok
15:30:48.0950 5700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:30:48.0996 5700 AFD - ok
15:30:49.0022 5700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:30:49.0036 5700 agp440 - ok
15:30:49.0054 5700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:30:49.0084 5700 ALG - ok
15:30:49.0106 5700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:30:49.0119 5700 aliide - ok
15:30:49.0131 5700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:30:49.0146 5700 amdide - ok
15:30:49.0168 5700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:30:49.0190 5700 AmdK8 - ok
15:30:49.0205 5700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:30:49.0240 5700 AmdPPM - ok
15:30:49.0255 5700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:30:49.0269 5700 amdsata - ok
15:30:49.0292 5700 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:30:49.0308 5700 amdsbs - ok
15:30:49.0320 5700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:30:49.0333 5700 amdxata - ok
15:30:49.0356 5700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:30:49.0445 5700 AppID - ok
15:30:49.0462 5700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:30:49.0513 5700 AppIDSvc - ok
15:30:49.0533 5700 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
15:30:49.0565 5700 Appinfo - ok
15:30:49.0605 5700 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:30:49.0618 5700 Apple Mobile Device - ok
15:30:49.0655 5700 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:30:49.0682 5700 AppMgmt - ok
15:30:49.0695 5700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:30:49.0709 5700 arc - ok
15:30:49.0729 5700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:30:49.0743 5700 arcsas - ok
15:30:49.0816 5700 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:30:49.0848 5700 aspnet_state - ok
15:30:49.0862 5700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:30:49.0915 5700 AsyncMac - ok
15:30:49.0937 5700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:31:04.0771 5700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:31:04.0809 5700 SENS - ok
15:31:04.0818 5700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:31:04.0841 5700 SensrSvc - ok
15:31:04.0855 5700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:31:04.0881 5700 Serenum - ok
15:31:04.0908 5700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:31:04.0930 5700 Serial - ok
15:31:04.0952 5700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:31:04.0977 5700 sermouse - ok
15:31:05.0005 5700 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:31:05.0048 5700 SessionEnv - ok
15:31:05.0059 5700 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:31:05.0077 5700 sffdisk - ok
15:31:05.0085 5700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:31:05.0104 5700 sffp_mmc - ok
15:31:05.0113 5700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:31:05.0139 5700 sffp_sd - ok
15:31:05.0154 5700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:31:05.0176 5700 sfloppy - ok
15:31:05.0195 5700 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:31:05.0245 5700 SharedAccess - ok
15:31:05.0269 5700 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:31:05.0318 5700 ShellHWDetection - ok
15:31:05.0340 5700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:31:05.0354 5700 SiSRaid2 - ok
15:31:05.0360 5700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:31:05.0375 5700 SiSRaid4 - ok
15:31:05.0396 5700 [ 004179B6C039D39B71FBE3D07C5DFE79 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:31:05.0409 5700 SkypeUpdate - ok
15:31:05.0419 5700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:31:05.0467 5700 Smb - ok
15:31:05.0492 5700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:31:05.0520 5700 SNMPTRAP - ok
15:31:05.0535 5700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:31:05.0548 5700 spldr - ok
15:31:05.0580 5700 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:31:05.0608 5700 Spooler - ok
15:31:05.0673 5700 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:31:05.0750 5700 sppsvc - ok
15:31:05.0764 5700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:31:05.0802 5700 sppuinotify - ok
15:31:05.0828 5700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:31:05.0859 5700 srv - ok
15:31:05.0874 5700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:31:05.0899 5700 srv2 - ok
15:31:05.0915 5700 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:31:05.0931 5700 srvnet - ok
15:31:05.0957 5700 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:31:05.0997 5700 SSDPSRV - ok
15:31:06.0007 5700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:31:06.0044 5700 SstpSvc - ok
15:31:06.0087 5700 [ 2222073BE0232E70A397B8302293AA9D ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:31:06.0108 5700 Stereo Service - ok
15:31:06.0131 5700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:31:06.0144 5700 stexstor - ok
15:31:06.0175 5700 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:31:06.0208 5700 stisvc - ok
15:31:06.0229 5700 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:31:06.0242 5700 storflt - ok
15:31:06.0254 5700 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:31:06.0286 5700 StorSvc - ok
15:31:06.0295 5700 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:31:06.0308 5700 storvsc - ok
15:31:06.0326 5700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:31:06.0339 5700 swenum - ok
15:31:06.0365 5700 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:31:06.0419 5700 swprv - ok
15:31:06.0461 5700 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:31:06.0512 5700 SysMain - ok
15:31:06.0526 5700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:31:06.0548 5700 TabletInputService - ok
15:31:06.0569 5700 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:31:06.0627 5700 TapiSrv - ok
15:31:06.0647 5700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:31:06.0684 5700 TBS - ok
15:31:06.0728 5700 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:31:06.0774 5700 Tcpip - ok
15:31:06.0802 5700 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:31:06.0842 5700 TCPIP6 - ok
15:31:06.0863 5700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:31:06.0877 5700 tcpipreg - ok
15:31:06.0893 5700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:31:06.0927 5700 TDPIPE - ok
15:31:06.0945 5700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:31:06.0969 5700 TDTCP - ok
15:31:06.0991 5700 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:31:07.0028 5700 tdx - ok
15:31:07.0040 5700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:31:07.0053 5700 TermDD - ok
15:31:07.0079 5700 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:31:07.0124 5700 TermService - ok
15:31:07.0134 5700 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:31:07.0155 5700 Themes - ok
15:31:07.0170 5700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:31:07.0209 5700 THREADORDER - ok
15:31:07.0225 5700 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:31:07.0273 5700 TrkWks - ok
15:31:07.0302 5700 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:07.0337 5700 TrustedInstaller - ok
15:31:07.0354 5700 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:07.0377 5700 tssecsrv - ok
15:31:07.0403 5700 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:31:07.0433 5700 TsUsbFlt - ok
15:31:07.0455 5700 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:31:07.0469 5700 TsUsbGD - ok
15:31:07.0500 5700 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:31:07.0540 5700 tunnel - ok
15:31:07.0550 5700 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:31:07.0565 5700 uagp35 - ok
15:31:07.0583 5700 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:31:07.0625 5700 udfs - ok
15:31:07.0652 5700 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:31:07.0675 5700 UI0Detect - ok
15:31:07.0684 5700 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:31:07.0700 5700 uliagpkx - ok
15:31:07.0732 5700 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:31:07.0754 5700 umbus - ok
15:31:07.0772 5700 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:31:07.0794 5700 UmPass - ok
15:31:07.0817 5700 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:31:07.0841 5700 UmRdpService - ok
15:31:07.0864 5700 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:31:07.0912 5700 upnphost - ok
15:31:07.0947 5700 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:31:07.0970 5700 USBAAPL64 - ok
15:31:08.0011 5700 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:31:08.0040 5700 usbaudio - ok
15:31:08.0073 5700 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:08.0103 5700 usbccgp - ok
15:31:08.0127 5700 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:31:08.0146 5700 usbcir - ok
15:31:08.0161 5700 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:31:08.0188 5700 usbehci - ok
15:31:08.0223 5700 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:31:08.0250 5700 usbhub - ok
15:31:08.0267 5700 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:31:08.0286 5700 usbohci - ok
15:31:08.0307 5700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:31:08.0328 5700 usbprint - ok
15:31:08.0338 5700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:08.0364 5700 USBSTOR - ok
15:31:08.0377 5700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:31:08.0400 5700 usbuhci - ok
15:31:08.0418 5700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:31:08.0462 5700 UxSms - ok
15:31:08.0482 5700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:31:08.0497 5700 VaultSvc - ok
15:31:08.0523 5700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:31:08.0537 5700 vdrvroot - ok
15:31:08.0555 5700 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:31:08.0605 5700 vds - ok
15:31:08.0620 5700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:08.0637 5700 vga - ok
15:31:08.0646 5700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:31:08.0691 5700 VgaSave - ok
15:31:08.0698 5700 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:31:08.0715 5700 vhdmp - ok
15:31:08.0731 5700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:31:08.0744 5700 viaide - ok
15:31:08.0768 5700 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:31:08.0783 5700 vmbus - ok
15:31:08.0795 5700 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:31:08.0814 5700 VMBusHID - ok
15:31:08.0828 5700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:31:08.0843 5700 volmgr - ok
15:31:08.0860 5700 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:31:08.0879 5700 volmgrx - ok
15:31:08.0895 5700 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:31:08.0914 5700 volsnap - ok
15:31:08.0936 5700 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:31:08.0952 5700 vsmraid - ok
15:31:08.0993 5700 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:31:09.0059 5700 VSS - ok
15:31:09.0081 5700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:31:09.0106 5700 vwifibus - ok
15:31:09.0125 5700 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:31:09.0154 5700 vwififlt - ok
15:31:09.0175 5700 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:31:09.0220 5700 W32Time - ok
15:31:09.0238 5700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:31:09.0259 5700 WacomPen - ok
15:31:09.0284 5700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:31:09.0326 5700 WANARP - ok
15:31:09.0331 5700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:31:09.0366 5700 Wanarpv6 - ok
15:31:09.0404 5700 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:31:09.0455 5700 wbengine - ok
15:31:09.0476 5700 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:31:09.0500 5700 WbioSrvc - ok
15:31:09.0514 5700 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:31:09.0544 5700 wcncsvc - ok
15:31:09.0559 5700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:31:09.0593 5700 WcsPlugInService - ok
15:31:09.0613 5700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:31:09.0626 5700 Wd - ok
15:31:09.0652 5700 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:31:09.0680 5700 Wdf01000 - ok
15:31:09.0709 5700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:31:09.0943 5700 WdiServiceHost - ok
15:31:09.0950 5700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:31:09.0973 5700 WdiSystemHost - ok
15:31:09.0992 5700 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:31:10.0023 5700 WebClient - ok
15:31:10.0051 5700 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:31:10.0097 5700 Wecsvc - ok
15:31:10.0115 5700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:31:10.0153 5700 wercplsupport - ok
15:31:10.0170 5700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:31:10.0208 5700 WerSvc - ok
15:31:10.0233 5700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:31:10.0273 5700 WfpLwf - ok
15:31:10.0291 5700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:31:10.0304 5700 WIMMount - ok
15:31:10.0323 5700 WinDefend - ok
15:31:10.0343 5700 WinHttpAutoProxySvc - ok
15:31:10.0395 5700 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:31:10.0447 5700 Winmgmt - ok
15:31:10.0499 5700 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:31:10.0595 5700 WinRM - ok
15:31:10.0640 5700 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:31:10.0669 5700 WinUsb - ok
15:31:10.0699 5700 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:31:10.0759 5700 Wlansvc - ok
15:31:10.0778 5700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:31:10.0792 5700 WmiAcpi - ok
15:31:10.0812 5700 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:31:10.0837 5700 wmiApSrv - ok
15:31:10.0865 5700 WMPNetworkSvc - ok
15:31:10.0891 5700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:31:10.0922 5700 WPCSvc - ok
15:31:10.0935 5700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:31:10.0955 5700 WPDBusEnum - ok
15:31:10.0980 5700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:31:11.0021 5700 ws2ifsl - ok
15:31:11.0043 5700 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:31:11.0080 5700 wscsvc - ok
15:31:11.0086 5700 WSearch - ok
15:31:11.0147 5700 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:31:11.0226 5700 wuauserv - ok
15:31:11.0251 5700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:31:11.0282 5700 WudfPf - ok
15:31:11.0308 5700 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:31:11.0341 5700 WUDFRd - ok
15:31:11.0366 5700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:31:11.0397 5700 wudfsvc - ok
15:31:11.0418 5700 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
15:31:11.0444 5700 WwanSvc - ok
15:31:11.0462 5700 ================ Scan global ===============================
15:31:11.0481 5700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:31:11.0508 5700 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:31:11.0523 5700 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:31:11.0551 5700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:31:11.0569 5700 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:31:11.0573 5700 [Global] - ok
15:31:11.0573 5700 ================ Scan MBR ==================================
15:31:11.0580 5700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:31:11.0809 5700 \Device\Harddisk0\DR0 - ok
15:31:11.0810 5700 ================ Scan VBR ==================================
15:31:11.0813 5700 [ F29A84883D78A7AE317BB2E0D281638C ] \Device\Harddisk0\DR0\Partition1
15:31:11.0814 5700 \Device\Harddisk0\DR0\Partition1 - ok
15:31:11.0847 5700 [ 92FECA44CB22B3E92B545BDB655A30C5 ] \Device\Harddisk0\DR0\Partition2
15:31:11.0848 5700 \Device\Harddisk0\DR0\Partition2 - ok
15:31:11.0858 5700 [ 650275C481093A3AAC06A87BCB781A10 ] \Device\Harddisk0\DR0\Partition3
15:31:11.0859 5700 \Device\Harddisk0\DR0\Partition3 - ok
15:31:11.0859 5700 ============================================================
15:31:11.0859 5700 Scan finished
15:31:11.0859 5700 ============================================================
15:31:11.0872 5692 Detected object count: 0
15:31:11.0872 5692 Actual detected object count: 0
15:31:42.0300 5220 Deinitialize success
|
| | #8 |
| /// the machine /// TB-Ausbilder | Delete Combofix and download it again, run it once more, and please post the log file.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
| | #9 |
| Code:
ComboFix 13-08-20.01 - Paul 21.08.2013 19:40:21.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2740 [GMT 2:00]
ausgeführt von:: c:\users\Paul\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache86\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-21 bis 2013-08-21 ))))))))))))))))))))))))))))))
.
.
2013-08-21 17:48 . 2013-08-21 17:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-21 17:48 . 2013-08-21 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 16:29 . 2013-08-20 16:29 -------- d-----w- c:\program files\iPod
2013-08-20 16:29 . 2013-08-20 16:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 16:29 . 2013-08-20 16:29 -------- d-----w- c:\program files\iTunes
2013-08-14 06:29 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 06:29 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 06:29 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 06:29 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 06:29 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:29 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 06:29 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-13 16:30 . 2013-08-13 16:30 -------- d-----w- C:\FRST
2013-08-10 17:04 . 2013-08-10 17:06 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype
2013-08-10 17:04 . 2013-08-10 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-10 17:04 . 2013-08-10 17:04 -------- d-----r- c:\program files (x86)\Skype
2013-08-10 17:03 . 2013-08-10 17:04 -------- d-----w- c:\programdata\Skype
2013-07-30 15:44 . 2013-07-30 15:44 -------- d-----w- C:\NvidiaLogging
2013-07-30 15:42 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-07-30 15:42 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-07-30 15:42 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-07-30 15:42 . 2013-07-30 15:42 -------- d-----w- c:\users\Paul\AppData\Local\NVIDIA
2013-07-26 23:06 . 2013-07-26 23:06 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-07-24 16:37 . 2013-08-14 06:33 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 06:32 . 2013-06-01 12:05 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 17:44 . 2013-06-01 12:20 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-08-07 17:44 . 2013-06-01 11:28 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-07-21 11:36 . 2013-06-01 11:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 11:36 . 2013-06-01 11:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 06:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 20:59 . 2013-04-15 16:38 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-21 12:06 . 2013-07-01 17:14 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-01 17:14 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-01 17:14 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-01 17:14 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-01 17:14 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-01 17:14 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-01 17:14 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-01 17:14 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-01 17:14 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-01 17:14 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-01 17:14 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-01 17:14 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-01 17:14 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-01 17:14 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-01 17:14 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-01 12:48 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2013-06-01 12:48 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-21 12:06 . 2013-02-25 22:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-25 22:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-25 22:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-25 22:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2013-06-01 12:49 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2013-06-01 12:49 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2013-06-01 12:49 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2013-06-01 12:49 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2013-06-01 12:49 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-21 10:23 . 2013-06-01 12:49 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-18 15:16 . 2013-04-15 16:38 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 16:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 16:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 16:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-15 16:38 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-15 16:38 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 16:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 16:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 16:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 16:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-13 06:09 . 2013-06-13 06:09 55496 ----a-w- c:\windows\SysWow64\offreg.dll
2013-06-11 23:48 . 2013-06-11 22:48 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-05 03:34 . 2013-07-21 11:36 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-21 11:37 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-21 11:37 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-02 20:37 . 2013-06-02 20:37 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-02 20:37 . 2013-06-02 20:37 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-02 20:37 . 2013-06-02 20:37 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-02 20:37 . 2013-06-02 20:37 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-02 20:37 . 2013-06-02 20:37 188320 ----a-w- c:\windows\system32\java.exe
2013-06-01 12:39 . 2013-06-01 12:39 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-01 12:39 . 2013-06-01 12:39 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-01 12:39 . 2013-06-01 12:39 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-01 12:39 . 2013-06-01 12:39 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-01 12:39 . 2013-06-01 12:39 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-01 12:39 . 2013-06-01 12:39 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-01 12:39 . 2013-06-01 12:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-01 12:39 . 2013-06-01 12:39 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-01 12:39 . 2013-06-01 12:39 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-01 12:39 . 2013-06-01 12:39 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-01 12:39 . 2013-06-01 12:39 441856 ----a-w- c:\windows\system32\html.iec
2013-06-01 12:39 . 2013-06-01 12:39 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-01 12:39 . 2013-06-01 12:39 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-01 12:39 . 2013-06-01 12:39 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-01 12:39 . 2013-06-01 12:39 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-01 12:39 . 2013-06-01 12:39 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-01 12:39 . 2013-06-01 12:39 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-01 12:39 . 2013-06-01 12:39 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-01 12:39 . 2013-06-01 12:39 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-01 12:39 . 2013-06-01 12:39 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-01 12:39 . 2013-06-01 12:39 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-01 12:39 . 2013-06-01 12:39 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-01 12:39 . 2013-06-01 12:39 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-01 12:39 . 2013-06-01 12:39 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-01 12:39 . 2013-06-01 12:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-01 12:39 . 2013-06-01 12:39 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-01 12:39 . 2013-06-01 12:39 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-01 12:39 . 2013-06-01 12:39 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-01 12:39 . 2013-06-01 12:39 235008 ----a-w- c:\windows\system32\url.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe;d:\programme\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-01 11:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programme\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: NameServer = 156.154.70.22,156.154.71.22
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-21 19:57:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-21 17:57
.
Vor Suchlauf: 12 Verzeichnis(se), 26.980.790.272 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 26.765.307.904 Bytes frei
.
- - End Of File - - 629A624AE7D72BB5A858CEB8D238475E
A36C5E4F47E84449FF07ED3517B43A31
|
| | #10 |
| /// the machine /// TB-Ausbilder | Internet severely slowed down. Unusually many browser processes (dragon.exe*32) Please download
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #11 |
![]() | Internet severely slowed down. Unusually many browser processes (dragon.exe*32)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.22.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Paul :: PAUL-PC [Administrator]
22.08.2013 18:38:15
mbam-log-2013-08-22 (18-38-15).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240026
Laufzeit: 3 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v3.000 - Report created 22/08/2013 at 18:49:10
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
*************************
AdwCleaner[R0].txt - [633 octets] - [22/08/2013 18:48:41]
AdwCleaner[S0].txt - [555 octets] - [22/08/2013 18:49:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [614 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x64
Ran by Paul on 22.08.2013 at 18:54:29,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2013 at 19:14:17,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by Paul (administrator) on 22-08-2013 19:17:05
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22
==================== Services (Whitelisted) =================
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:52 - 2013-08-22 18:52 - 01021434 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-08-22 18:47 - 2013-08-22 18:49 - 00000000 ____D C:\AdwCleaner
2013-08-22 18:47 - 2013-08-22 18:47 - 00975858 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-08-22 18:34 - 2013-08-22 18:35 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-22 18:32 - 2013-08-22 18:32 - 01576476 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-17 07:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 07:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 07:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 08:37 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 08:37 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 08:37 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 08:37 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 08:37 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:37 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:36 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 08:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-24 18:37 - 2013-08-14 08:33 - 00000000 ____D C:\Windows\system32\MRT
==================== One Month Modified Files and Folders =======
2013-08-22 19:14 - 2013-08-22 19:14 - 00000624 _____ C:\Users\Paul\Desktop\JRT.txt
2013-08-22 18:57 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-22 18:57 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-22 18:57 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 18:57 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 18:57 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:52 - 2013-08-22 18:52 - 01021434 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe
2013-08-22 18:50 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-22 18:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 18:50 - 2009-07-14 06:51 - 00052801 _____ C:\Windows\setupact.log
2013-08-22 18:49 - 2013-08-22 18:47 - 00000000 ____D C:\AdwCleaner
2013-08-22 18:49 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-22 18:49 - 2013-05-30 12:26 - 01530855 _____ C:\Windows\WindowsUpdate.log
2013-08-22 18:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 18:47 - 2013-08-22 18:47 - 00975858 _____ C:\Users\Paul\Desktop\adwcleaner.exe
2013-08-22 18:35 - 2013-08-22 18:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-22 18:32 - 2013-08-22 18:32 - 01576476 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-21 20:49 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:49 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 20:49 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-21 19:57 - 2013-06-07 12:41 - 00000000 ____D C:\Qoobox
2013-08-21 19:53 - 2013-06-07 12:40 - 00000000 ____D C:\Windows\erdnt
2013-08-21 19:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 19:49 - 2010-11-21 05:47 - 00006654 _____ C:\Windows\PFRO.log
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-20 18:24 - 2013-06-02 23:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-17 07:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 18:05 - 2013-06-28 14:31 - 00000000 ____D C:\Windows\Minidump
2013-08-14 09:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 08:33 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:32 - 2013-06-01 14:05 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-26 07:13 - 2013-08-14 08:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 08:37 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 08:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 08:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 08:36 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-14 08:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-14 08:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 08:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 08:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-12 19:31
==================== End Of Log ============================
--- --- --- |
| | #12 |
| /// the machine /// TB-Ausbilder | ESET Online Scanner
Please download
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
| | #13 |
| Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5e5dfa7a573e4d4f87f53aa78e889373
# engine=14878
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-23 02:17:41
# local_time=2013-08-23 04:17:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 78660 15784705 0 0
# compatibility_mode=5893 16776574 100 94 2857794 128897311 0 0
# scanned=120766
# found=0
# cleaned=0
# scan_time=2524
Code:
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.8.800.94
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by Paul (administrator) on 23-08-2013 17:24:06
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1502424 2013-07-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{831AEE3E-3B00-4A76-B52C-DBD40E05948D}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E709E53F-9927-4713-B16D-1D3F456E239E}: [NameServer]156.154.70.22,156.154.71.22
==================== Services (Whitelisted) =================
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO)
S3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-23 16:47 - 2013-08-23 16:47 - 00891115 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-23 15:30 - 2013-08-23 15:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:47 - 2013-08-22 18:49 - 00000000 ____D C:\AdwCleaner
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-17 07:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-17 07:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-17 07:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-17 07:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 08:37 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 08:37 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 08:37 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 08:37 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 08:37 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 08:37 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 08:37 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 08:37 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 08:37 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:37 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:36 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 08:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:28 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:28 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:28 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-10 19:04 - 2013-08-10 19:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:03 - 2013-08-10 19:04 - 00000000 ____D C:\ProgramData\Skype
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:42 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-07-30 17:42 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-07-30 17:42 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-07-24 18:37 - 2013-08-14 08:33 - 00000000 ____D C:\Windows\system32\MRT
==================== One Month Modified Files and Folders =======
2013-08-23 17:23 - 2013-08-23 17:23 - 01576474 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-08-23 17:17 - 2013-06-01 13:29 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-23 16:48 - 2013-06-01 13:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 16:47 - 2013-08-23 16:47 - 00891115 _____ C:\Users\Paul\Desktop\SecurityCheck.exe
2013-08-23 15:35 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 15:35 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 15:32 - 2013-08-23 15:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-23 15:32 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-23 15:32 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-23 15:32 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 15:31 - 2013-05-30 12:26 - 01542936 _____ C:\Windows\WindowsUpdate.log
2013-08-23 15:30 - 2013-08-23 15:30 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
2013-08-23 15:28 - 2013-06-01 14:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-23 15:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 15:28 - 2009-07-14 06:51 - 00052969 _____ C:\Windows\setupact.log
2013-08-22 18:54 - 2013-08-22 18:54 - 00000000 ____D C:\Windows\ERUNT
2013-08-22 18:49 - 2013-08-22 18:47 - 00000000 ____D C:\AdwCleaner
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\Users\Paul\AppData\Local\PMB Files
2013-08-21 21:44 - 2013-06-07 16:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-21 20:49 - 2013-06-01 13:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:49 - 2013-06-01 13:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 20:49 - 2013-06-01 13:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:57 - 2013-08-21 19:57 - 00023045 _____ C:\ComboFix.txt
2013-08-21 19:57 - 2013-06-07 12:41 - 00000000 ____D C:\Qoobox
2013-08-21 19:53 - 2013-06-07 12:40 - 00000000 ____D C:\Windows\erdnt
2013-08-21 19:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 19:49 - 2010-11-21 05:47 - 00006654 _____ C:\Windows\PFRO.log
2013-08-20 18:29 - 2013-08-20 18:29 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:29 - 2013-08-20 18:29 - 00000000 ____D C:\Program Files\iPod
2013-08-20 18:24 - 2013-06-02 23:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-17 07:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-14 18:05 - 2013-08-14 18:05 - 00292168 _____ C:\Windows\Minidump\081413-14929-01.dmp
2013-08-14 18:05 - 2013-06-28 14:31 - 00000000 ____D C:\Windows\Minidump
2013-08-14 09:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 08:33 - 2013-07-24 18:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:32 - 2013-06-01 14:05 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 18:30 - 2013-08-13 18:30 - 00000000 ____D C:\FRST
2013-08-13 18:29 - 2013-08-13 18:29 - 00000000 _____ C:\Users\Paul\defogger_reenable
2013-08-13 18:29 - 2013-05-30 12:26 - 00000000 ____D C:\Users\Paul
2013-08-10 19:06 - 2013-08-10 19:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-08-10 19:04 - 2013-08-10 19:04 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-10 19:04 - 2013-08-10 19:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 19:04 - 2013-08-10 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-08-07 19:44 - 2013-06-01 14:20 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-07 19:44 - 2013-06-01 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-07 19:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-30 17:44 - 2013-07-30 17:44 - 00000000 ____D C:\NvidiaLogging
2013-07-30 17:43 - 2013-06-01 14:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 17:43 - 2013-06-01 14:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 17:42 - 2013-07-30 17:42 - 00000000 ____D C:\Users\Paul\AppData\Local\NVIDIA
2013-07-30 17:41 - 2013-06-01 14:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-26 07:13 - 2013-08-14 08:37 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 08:37 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 08:37 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 08:37 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 08:37 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 08:37 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 08:36 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 08:37 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 08:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-14 08:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-14 08:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 08:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 08:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 19:46
==================== End Of Log ============================
--- --- --- --- --- --- Yes, the problem is still there. |
| | #14 |
| /// the machine /// TB-Ausbilder | Uninstall everything from Comodo and reinstall it, then test again.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
| | #15 |
| Thank you so, so much!!!! Everything is running again. Great! Kind regards, luapnrok |