
Log analysis and evaluation: Vista - BKA Trojan - blocked by Group Policy


23.06.2014, 22:32   #1
Quickslay
 



Hi!

A variant of the BKA Trojan has settled in on my parents' laptop. After some research online, I burned the Kaspersky Rescue Disk and kicked the pest out of the system.

So far, so good. However, neither AntiVir nor Malwarebytes Anti-Malware can be started, uninstalled, opened, etc. on the machine. Every time, a notice appears that it is blocked by Group Policy.

That is the current state of affairs. I hope you can help me.

defogger_disable

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:00 on 23/06/2014 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Administrator (administrator) on JOSEF-PC on 23-06-2014 21:04:25
Running from C:\Users\Administrator\Downloads
Platform: Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Windows\System32\lpremove.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:07 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-23 21:04 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-23 21:03 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-23 20:47 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD

==================== One Month Modified Files and Folders =======

2014-06-23 21:07 - 2014-06-23 21:04 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:07 - 2007-11-25 21:09 - 01122012 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-23 21:03 - 2014-06-23 21:02 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-23 20:50 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 20:48 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:47 - 2014-06-22 15:22 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 19:04 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-22 19:04 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:42 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:49 - 2010-12-20 14:03 - 00000000 ____D () C:\Program Files\IncrediMail_MediaBar_2
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:37 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:47 - 2014-06-17 20:45 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 20:53

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Administrator at 2014-06-23 21:08:26
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Application Installer 4.00.B14 (HKLM\...\{70CEFEBA-F757-4DBE-8A21-027C326137CE}) (Version: 4.00.B14 - Hewlett-Packard Company)
ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version:  - ATI Technologies, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM\...\AntiVir PersonalEdition Classic) (Version:  - Avira GmbH)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0202.1934.34870 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Czech (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Danish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Dutch (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help English (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Finnish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help French (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help German (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Greek (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Italian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Japanese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Korean (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Polish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Russian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Spanish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Swedish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Thai (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Turkish (Version: 2007.0202.1933.34870 - ATI) Hidden
ccc-Branding (HKLM\...\{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0202.1934.34870 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.0202.1934.34870 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conduit Engine (HKLM\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Credential Manager for HP ProtectTools (HKLM\...\{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}) (Version: 2.5.0.880.13 - Hewlett-Packard)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Vista (HKLM\...\{DFE967A8-9C30-413C-B2D5-C0D576949553}) (Version: 1.0.10.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden
HP Active Support Library (Version: 2.0.9.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden
HP BIOS Configuration for ProtectTools (HKLM\...\{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}) (Version: 3.00 C1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP)
HP Notebook Accessories Product Tour (HKLM\...\{521F72F4-FFE4-4959-AA88-EED06125211F}) (Version: 13.0.0 - Hewlett-Packard)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.20 F2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 F2 - Hewlett-Packard)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guides 0064 (HKLM\...\{E25AA53F-6878-4C64-8130-EB8D678DF303}) (Version: 1.03.0000 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
IncrediMail MediaBar 2 Toolbar (HKLM\...\IncrediMail_MediaBar_2 Toolbar) (Version: 6.1.0.7 - IncrediMail MediaBar 2) <==== ATTENTION
InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version:  - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{3912A629-0020-0005-3131-2FBA74D4DF0A}) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1164 - InterVideo Inc.)
Java 7 Update 10 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
jose (HKLM\...\jose-chess) (Version: 1.3 - )
LightScribe  1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetCologne-Installationsdateien entfernen (HKLM\...\NetCologne) (Version:  - )
OpenOffice.org 2.4 (HKLM\...\{1B14B0C3-2D60-477C-A1FE-B88E60948854}) (Version: 2.4.9286 - OpenOffice.org)
PDF Complete (HKLM\...\PDF Complete) (Version:  - )
Pegasus Mail (HKLM\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail v4.51 R1 (Deutsche Komplettversion) (HKLM\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Tech Soft GmbH)
Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1008 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (Version: 1.0.0.1008 - Ihr Firmenname) Hidden
Registry System Wizard.NET (HKLM\...\{110ED870-1DF3-4574-A679-E2C4A8163211}_is1) (Version: 0.13.731.51 - WinFAQ)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.116 - Roxio)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Skat (HKLM\...\Skat_is1) (Version:  - madcat Software GmbH)
Skat Installer (HKLM\...\SkatInstaller) (Version:  - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5180 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Wiederherstellungs- & Sicherungsprogramme (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 4.0.14 - Hewlett-Packard Company )
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Two Worlds Pinball (HKLM\...\Two Worlds Pinball) (Version: 1.00 - TopWare Interactive Inc.)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Vista Default Settings (HKLM\...\{C6271F2D-3D0A-439B-BD78-584E017C636E}) (Version: 1.0.5.1 - Hewlett-Packard)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B3E9ADD-508C-4CF7-9700-73B6165FC3E4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3990F0B8-156A-44C3-ABA3-9BAD73A52FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {75243CA4-DAEB-4277-AD9A-D16EF95D0AEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {A54364EA-7555-4899-88DA-84332EAA7C63} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {B6F2CA9C-886C-4FE0-AB69-E82946FFF9CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-01-18 20:35 - 2008-04-21 21:00 - 00339968 _____ () C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
2007-02-02 18:01 - 2007-02-02 18:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2007-02-16 17:40 - 2007-02-16 17:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 17:40 - 2007-02-16 17:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 08:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: c50
Anfangszeit: 01cf8f13c9322e5d
Zeitpunkt der Beendigung: 0

Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (06/22/2014 06:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x0014cb53,
Prozess-ID 0x524, Anwendungsstartzeit iexplore.exe0.

Error: (06/22/2014 03:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul PriceGongIE.dll, Version 3.6.12.0, Zeitstempel 0x516e945c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000b078,
Prozess-ID 0xbd0, Anwendungsstartzeit iexplore.exe0.

Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (06/22/2014 00:56:33 PM) (Source: MsiInstaller) (EventID: 11920) (User: Josef-PC)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/22/2014 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: f3c
Anfangszeit: 01cf8e0378293afd
Zeitpunkt der Beendigung: 3866

Error: (06/22/2014 00:11:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (04/28/2013 09:32:24 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001A73A8CD9D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (04/28/2013 09:32:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.04.2013 um 22:59:19 unerwartet heruntergefahren.

Error: (04/27/2013 09:08:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001A73A8CD9D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (04/27/2013 08:48:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (04/27/2013 08:47:11 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/27/2013 10:44:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/27/2013 09:13:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (04/27/2013 09:12:28 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/27/2013 00:06:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/26/2013 10:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Treiber für parallelen Anschluss%%1058


Microsoft Office Sessions:
=========================
Error: (06/23/2014 08:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6001.18164c5001cf8f13c9322e5d0

Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)

Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)

Error: (06/22/2014 06:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.190884de07b1bmshtml.dll8.0.6001.190884de090edc00000050014cb5352401cf8e212fce318d

Error: (06/22/2014 03:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.190884de07b1bPriceGongIE.dll3.6.12.0516e945cc00000050000b078bd001cf8e20a6b95f21

Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)

Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)

Error: (06/22/2014 00:56:33 PM) (Source: MsiInstaller) (EventID: 11920) (User: Josef-PC)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)

Error: (06/22/2014 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6001.18164f3c01cf8e0378293afd3866

Error: (06/22/2014 00:11:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 21:07:34.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:34.379
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:34.004
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:33.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:33.129
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:32.786
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:32.442
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 21:07:32.067
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-06 09:23:35.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-06 09:23:35.449
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 85%
Total physical RAM: 894.53 MB
Available physical RAM: 131.46 MB
Total Pagefile: 2053.43 MB
Available Pagefile: 589.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.39 GB) (Free:22.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (OS_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.32 GB) NTFS
Drive f: (HP_RECOVERY) (Fixed) (Total:7.59 GB) (Free:0.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 8451F94D)
Partition 1: (Active) - (Size=65 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

23.06.2014, 22:45   #2
Quickslay

Vista - BKA Trojan - Blocked by Group Policy



Gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-23 23:05:56
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8037GSX rev.DL232C 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kgloypow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAcceptConnectPort [0x81FFF991]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheck [0x81E6C023]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckAndAuditAlarm [0x82033E31]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckByType [0x81E71185]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckByTypeAndAuditAlarm [0x82033D51]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckByTypeResultList [0x81F25C0C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckByTypeResultListAndAuditAlarm [0x820E72BD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x820E7306]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAddAtom [0x82001C22]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAddBootEntry [0x820FC2AE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAddDriverEntry [0x820FD552]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAdjustGroupsToken [0x82029D58]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAdjustPrivilegesToken [0x8202ACF3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlertResumeThread [0x820DAEE9]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlertThread [0x82040305]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAllocateLocallyUniqueId [0x8202013D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAllocateUserPhysicalPages [0x820CCCCB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAllocateUuids [0x81FEBFA1]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAllocateVirtualMemory [0x82077E68]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcAcceptConnectPort [0x820326CE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCancelMessage [0x81FF9355]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcConnectPort [0x820314F3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCreatePort [0x82001803]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCreatePortSection [0x8204288C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCreateResourceReserve [0x81FF7844]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCreateSectionView [0x8204265C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcCreateSecurityContext [0x8203C04A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcDeletePortSection [0x8202562D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcDeleteResourceReserve [0x820C869B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcDeleteSectionView [0x8202A707]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcDeleteSecurityContext [0x8203C61C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcDisconnectPort [0x8202B51F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcImpersonateClientOfPort [0x820378CD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcOpenSenderProcess [0x82002ADF]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcOpenSenderThread [0x82004B93]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcQueryInformation [0x8202B5C1]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcQueryInformationMessage [0x82040480]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcRevokeSecurityContext [0x820C87C0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcSendWaitReceivePort [0x82070EA8]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAlpcSetInformation [0x8201DDC3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwApphelpCacheControl [0x82012B86]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAreMappedFilesTheSame [0x8209499E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAssignProcessToJobObject [0x82005211]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCallbackReturn [0x81EFE3EC]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCancelDeviceWakeupRequest [0x820D67E9]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCancelIoFile [0x81FF8552]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCancelTimer [0x81E7138E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwClearEvent [0x8208FE96]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwClose [0x82062CA5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCloseObjectAuditAlarm [0x82033C76]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCompactKeys [0x8209C284]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCompareTokens [0x81FFC0A3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCompleteConnectPort [0x81FFFA0E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCompressKey [0x8209C50F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwConnectPort [0x8201184D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwContinue [0x81EA04C8]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateDebugObject [0x820ABBD0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateDirectoryObject [0x8201E93A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateEvent [0x8206DA84]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateEventPair [0x82101968]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateFile [0x8206C366]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateIoCompletion [0x8201115E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateJobObject [0x81FF0672]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateJobSet [0x820DCC57]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateKey [0x8202CFA5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateKeyTransacted [0x81FC17FD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateMailslotFile [0x81FE49EA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateMutant [0x8207BF77]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateNamedPipeFile [0x82013104]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreatePrivateNamespace [0x81FDF0C2]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreatePagingFile [0x81F9660D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreatePort [0x81FDC581]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateProcess [0x820D972B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateProcessEx [0x820D9776]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateProfile [0x82101FE7]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateSection [0x8208E689]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateSemaphore [0x820253FE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateSymbolicLinkObject [0x8201E3FB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateThread [0x820D9560]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateTimer [0x82001866]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateToken [0x82022121]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateTransaction [0x81FF0F95]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwOpenTransaction [0x820E9AF3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryInformationTransaction [0x820E9D02]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryInformationTransactionManager [0x81FBA2FA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPrePrepareEnlistment [0x820E9428]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPrepareEnlistment [0x820E9367]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCommitEnlistment [0x820E94E9]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwReadOnlyEnlistment [0x820E996D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRollbackComplete [0x820E9A2C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRollbackEnlistment [0x820E95AA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCommitTransaction [0x81FBFB07]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRollbackTransaction [0x81FBD3DA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPrePrepareComplete [0x820E972C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPrepareComplete [0x820E966B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCommitComplete [0x820E97ED]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSinglePhaseReject [0x820E98AE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSetInformationTransaction [0x820EA5D7]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSetInformationTransactionManager [0x820EAE3F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSetInformationResourceManager [0x81FBACEC]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateTransactionManager [0x81FC8B37]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwOpenTransactionManager [0x81FBAF70]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRenameTransactionManager [0x820EAC07]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRollforwardTransactionManager [0x820EAD74]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRecoverEnlistment [0x820E8EB0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRecoverResourceManager [0x81FCA3B4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRecoverTransactionManager [0x81FC6D56]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateResourceManager [0x81FC868B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwOpenResourceManager [0x81FBA83A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwGetNotificationResourceManager [0x81FCA429]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryInformationResourceManager [0x820EA9BB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateEnlistment [0x81FBEB9A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwOpenEnlistment [0x820E8CE7]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSetInformationEnlistment [0x820E9178]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryInformationEnlistment [0x820E8F0B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateWaitablePort [0x81FD2C75]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDebugActiveProcess [0x820ACAD8]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDebugContinue [0x820AD19D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDelayExecution [0x8208FC7A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteAtom [0x81FF973D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteBootEntry [0x820FC2DF]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteDriverEntry [0x820FD583]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteFile [0x81FB6A65]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteKey [0x81FFA83C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeletePrivateNamespace [0x820D1DC1]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteObjectAuditAlarm [0x82094E85]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeleteValueKey [0x81FF521F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDeviceIoControlFile [0x8207BE13]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDisplayString [0x81F940BB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDuplicateObject [0x8203F231]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwDuplicateToken [0x8203047A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateBootEntries [0x820FC4E0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateDriverEntries [0x820FD782]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateKey [0x8204CF8E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateSystemEnvironmentValuesEx [0x820FC0AF]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateTransactionObject [0x820EA3C5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwEnumerateValueKey [0x82016A16]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwExtendSection [0x820CB115]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFilterToken [0x81FEF3E0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFindAtom [0x81FF9201]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushBuffersFile [0x82037B3F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushInstructionCache [0x81FF732B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushKey [0x81FCA538]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushProcessWriteBuffers [0x81E5CA52]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushVirtualMemory [0x81FF3A28]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushWriteBuffer [0x820CDD34]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFreeUserPhysicalPages [0x820CD3FD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSystemDebugControl [0x82042E60]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTerminateJobObject [0x8201A60C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTerminateProcess [0x820282F0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTerminateThread [0x82054AF3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTestAlert [0x82046E31]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwThawRegistry [0x81F07D2D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwThawTransactions [0x820EA939]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTraceEvent [0x81E71845]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTraceControl [0x82033F66]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwTranslateFilePath [0x820FDD9F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnloadDriver [0x820B7A20]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnloadKey [0x8209530E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnloadKey2 [0x82095328]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnloadKeyEx [0x8209AE8B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnlockFile [0x8202082D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnlockVirtualMemory [0x81E5EE8D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwUnmapViewOfSection [0x8206A155]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwVdmControl [0x820EE071]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForDebugEvent [0x820ACE73]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForMultipleObjects [0x8205E026]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForSingleObject [0x8208E8BB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitHighEventPair [0x82101BD5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitLowEventPair [0x82101B6C]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWriteFile [0x8206C5A3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWriteFileGather [0x8201B6E0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWriteRequestData [0x820C78D4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWriteVirtualMemory [0x82053033]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwYieldExecution [0x81E6C1A0]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateKeyedEvent [0x820013ED]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwOpenKeyedEvent [0x821025B5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwReleaseKeyedEvent [0x8203F378]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForKeyedEvent [0x8203E504]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryPortInformationProcess [0x820D9C1E]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwGetCurrentProcessorNumber [0x82097F6D]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForMultipleObjects32 [0x820D0AA3]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwGetNextProcess [0x820DB038]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwGetNextThread [0x820DB2A5]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCancelIoFileEx [0x820B5A11]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCancelSynchronousIoFile [0x820B5B51]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRemoveIoCompletionEx [0x820033DE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwRegisterProtocolAddressInformation [0x81FBB1F1]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPropagationComplete [0x820ED0DB]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwPropagationFailed [0x820ED1AA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateWorkerFactory [0x820019AD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwReleaseWorkerFactoryWorker [0x81E81E4B]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWaitForWorkViaWorkerFactory [0x81E81983]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwSetInformationWorkerFactory [0x81E604FE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryInformationWorkerFactory [0x81F2B35F]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwWorkerFactoryWorkerReady [0x81E7410A]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwShutdownWorkerFactory [0x81FFCF41]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateThreadEx [0x82046F82]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwCreateUserProcess [0x8200DE26]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwQueryLicenseValue [0x8200B4FA]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwMapCMFModule [0x820148C4]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwIsUILanguageComitted [0x81FCABCD]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwFlushInstallUILanguage [0x81FCACDE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwGetMUIRegistryInfo [0x82010DEE]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwAcquireCMFViewOwnership [0x821026AF]
SSDT            \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    ZwReleaseCMFViewOwnership [0x82102877]

INT 0x00        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9D730
INT 0x01        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9D8B0
INT 0x03        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9DD04
INT 0x04        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9DE8C
INT 0x05        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9DFEC
INT 0x06        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9E160
INT 0x07        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9E7D0
INT 0x09        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9EBF8
INT 0x0A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9ED1C
INT 0x0B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9EE5C
INT 0x0C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9F0BC
INT 0x0D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9F3A4
INT 0x0E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FAA8
INT 0x0F        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x10        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FF5C
INT 0x11        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81EA009C
INT 0x12        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x13        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81EA0208
INT 0x14        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x15        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x16        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x17        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x18        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x19        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x1F        \SystemRoot\system32\hal.dll                                                                                                                         81E29CD0
INT 0x2A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9CE6A
INT 0x2B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9CFF0
INT 0x2C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9D12C
INT 0x2D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9DBDC
INT 0x2E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C82E
INT 0x2F        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9FE38
INT 0x30        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BEF0
INT 0x31        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BEFA
INT 0x32        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF04
INT 0x33        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF0E
INT 0x34        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF18
INT 0x35        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF22
INT 0x36        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF2C
INT 0x37        \SystemRoot\system32\hal.dll                                                                                                                         81E290E8
INT 0x38        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF40
INT 0x39        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF4A
INT 0x3A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF54
INT 0x3B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF5E
INT 0x3C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF68
INT 0x3D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF72
INT 0x3E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF7C
INT 0x3F        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF86
INT 0x40        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF90
INT 0x41        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BF9A
INT 0x42        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFA4
INT 0x43        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFAE
INT 0x44        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFB8
INT 0x45        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFC2
INT 0x46        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFCC
INT 0x47        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFD6
INT 0x48        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFE0
INT 0x49        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFEA
INT 0x4A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFF4
INT 0x4B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9BFFE
INT 0x4C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C008
INT 0x4D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C012
INT 0x4E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C01C
INT 0x4F        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C026
INT 0x50        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C030
INT 0x51        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C03A
INT 0x52        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C044
INT 0x53        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C04E
INT 0x54        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C058
INT 0x55        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C062
INT 0x56        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C06C
INT 0x57        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C076
INT 0x58        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C080
INT 0x59        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C08A
INT 0x5A        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C094
INT 0x5B        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C09E
INT 0x5C        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0A8
INT 0x5D        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0B2
INT 0x5E        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0BC
INT 0x5F        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0C6
INT 0x60        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0D0
INT 0x61        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0DA
INT 0x62        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0E4
INT 0x63        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0EE
INT 0x64        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C0F8
INT 0x65        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C102
INT 0x66        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C10C
INT 0x67        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C116
INT 0x68        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C120
         


23.06.2014, 22:47   #3
Quickslay



Gmer Part 2

Code:
ATTFilter

SYSENTER        \SystemRoot\system32\ntkrnlpa.exe                                                                                                                    81E9C900

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal                                                                                                            81E99018 1 Byte  [90]
.text           ntkrnlpa.exe!ZwQueryLicenseValue + D05                                                                                                               81E9CB69 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 4FA                                                                                                               81EF9E6A 18 Bytes  [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 512                                                                                                               81EF9E82 1 Byte  [00]
?               C:\Users\ADMINI~1\AppData\Local\Temp\kgloypow.sys                                                                                                    Die Syntax für den Dateinamen, Verzeichnisnamen oder die Datenträgerbezeichnung ist falsch. !

---- User code sections - GMER 2.1 ----

UPX1            C:\Users\Administrator\Downloads\Gmer-19357.exe[1372] C:\Users\Administrator\Downloads\Gmer-19357.exe                                                entry point in "UPX1" section [0x004DB320]
UPX1            C:\Users\Administrator\Downloads\Gmer-19357.exe[1512] C:\Users\Administrator\Downloads\Gmer-19357.exe                                                entry point in "UPX1" section [0x004DB320]

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                               Ntfs.sys
Device          \FileSystem\Ntfs \Ntfs                                                                                                                               ntkrnlpa.exe
Device          \FileSystem\Ntfs \Ntfs                                                                                                                               ntkrnlpa.exe
Device          \                                                                                                                                                    
Device          \Driver\KSecDD \Device\KsecDD                                                                                                                        ksecdd.sys
Device          \Driver\KSecDD \Device\KsecDD                                                                                                                        ntkrnlpa.exe
Device          \Driver\NDIS \Device\Ndis                                                                                                                            ndis.sys
Device          \Driver\Beep \Device\Beep                                                                                                                            Beep.SYS
Device          \Driver\Beep \Device\Beep                                                                                                                            ntkrnlpa.exe
Device          \Device\00000032                                                                                                                                     
Device          \Device\00000025                                                                                                                                     
Device          \Device\00000019                                                                                                                                     
Device          \Device\00000033                                                                                                                                     
Device          \Device\00000026                                                                                                                                     
Device          \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                                                                    volsnap.sys
Device          \Device\00000040                                                                                                                                     
Device          \Device\00000034                                                                                                                                     
Device          \Device\00000027                                                                                                                                     
Device          \Driver\kbdclass \Device\KeyboardClass0                                                                                                              kbdclass.sys
Device          \Driver\kbdclass \Device\KeyboardClass0                                                                                                              ntkrnlpa.exe

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                              Wdf01000.sys

Device          \Device\Video0                                                                                                                                       
Device          \Driver\Wdf01000 \Device\KMDF0                                                                                                                       Wdf01000.sys
Device          \Driver\Wdf01000 \Device\KMDF0                                                                                                                       ntkrnlpa.exe
Device          \Driver\WMIxWDM \Device\WMIAdminDevice                                                                                                               ntkrnlpa.exe
Device          \Driver\WMIxWDM \Device\WMIAdminDevice                                                                                                               ntkrnlpa.exe
Device          \Driver\WMIxWDM \Device\WMIAdminDevice                                                                                                               ntkrnlpa.exe
Device          \Device\00000041                                                                                                                                     
Device          \Device\00000035                                                                                                                                     
Device          \Device\00000028                                                                                                                                     
Device          \Driver\kbdclass \Device\KeyboardClass1                                                                                                              kbdclass.sys
Device          \Driver\kbdclass \Device\KeyboardClass1                                                                                                              ntkrnlpa.exe
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                 volmgr.sys
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                 ntkrnlpa.exe
Device          \Device\00000042                                                                                                                                     
Device          \Device\00000036                                                                                                                                     
Device          \Device\00000029                                                                                                                                     
Device          \Device\KeyboardClass2                                                                                                                               
Device          \Driver\mouclass \Device\PointerClass0                                                                                                               mouclass.sys
Device          \Driver\mouclass \Device\PointerClass0                                                                                                               ntkrnlpa.exe
Device          \Device\00000050                                                                                                                                     
Device          \Device\00000043                                                                                                                                     
Device          \Device\00000037                                                                                                                                     
Device          \Device\0000000a                                                                                                                                     
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                     ntkrnlpa.exe
Device          \Driver\mouclass \Device\PointerClass1                                                                                                               mouclass.sys
Device          \Driver\mouclass \Device\PointerClass1                                                                                                               ntkrnlpa.exe
Device          \Driver\Compbatt \Device\CompositeBattery                                                                                                            compbatt.sys
Device          \Driver\Compbatt \Device\CompositeBattery                                                                                                            ntkrnlpa.exe
Device          \Device\00000051                                                                                                                                     
Device          \Device\00000044                                                                                                                                     
Device          \Device\00000038                                                                                                                                     
Device          \Device\0000000b                                                                                                                                     
Device          \Driver\WMIxWDM \Device\WMIDataDevice                                                                                                                ntkrnlpa.exe
Device          \Driver\WMIxWDM \Device\WMIDataDevice                                                                                                                ntkrnlpa.exe
Device          \Driver\WMIxWDM \Device\WMIDataDevice                                                                                                                ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                     ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawTape                                                                                                                      ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawTape                                                                                                                      ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawTape                                                                                                                      ntkrnlpa.exe
Device          \Device\00000052                                                                                                                                     
Device          \Device\00000045                                                                                                                                     
Device          \Device\00000039                                                                                                                                     
Device          \Device\0000000c                                                                                                                                     
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                                     ntkrnlpa.exe
Device          \Device\NTPNP_PCI0000                                                                                                                                
Device          \Device\00000053                                                                                                                                     
Device          \Device\00000046                                                                                                                                     
Device          \Device\0000001a                                                                                                                                     
Device          \Device\0000000d                                                                                                                                     
Device          \Driver\PnpManager \Device\00000054                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000054                                                                                                                  ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                                     ntkrnlpa.exe
Device          \Device\NTPNP_PCI0001                                                                                                                                
Device          \Device\00000060                                                                                                                                     
Device          \Device\00000047                                                                                                                                     
Device          \Device\0000001b                                                                                                                                     
Device          \Device\0000000e                                                                                                                                     
Device          \Driver\PnpManager \Device\00000055                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000055                                                                                                                  ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                                     ntkrnlpa.exe
Device          \Device\NTPNP_PCI0002                                                                                                                                
Device          \Device\00000061                                                                                                                                     
Device          \Device\00000048                                                                                                                                     
Device          \Device\0000001c                                                                                                                                     
Device          \Device\0000000f                                                                                                                                     
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                                     USBPORT.SYS
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                                     ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000056                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000056                                                                                                                  ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0010                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0010                                                                                                                    pci.sys
Device          \Device\NTPNP_PCI0003                                                                                                                                
Device          \Driver\ACPI \Device\00000062                                                                                                                        acpi.sys
Device          \Device\00000049                                                                                                                                     
Device          \Driver\PnpManager \Device\0000001d                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\0000001d                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\0000001e                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\0000001e                                                                                                                  ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0011                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0011                                                                                                                    pci.sys
Device          \Device\00000070                                                                                                                                     
Device          \Device\NTPNP_PCI0004                                                                                                                                
Device          \Driver\Tcpip \Device\eQoS                                                                                                                           tcpip.sys
Device          \Driver\Tcpip \Device\eQoS                                                                                                                           ntkrnlpa.exe
Device          \Driver\ACPI \Device\00000063                                                                                                                        acpi.sys
Device          \Device\00000057                                                                                                                                     
Device          \Device\0000002a                                                                                                                                     
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                               volmgr.sys
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                               ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000058                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000058                                                                                                                  ntkrnlpa.exe
Device          \Device\00000071                                                                                                                                     
Device          \Device\NTPNP_PCI0012                                                                                                                                
Device          \Device\NTPNP_PCI0005                                                                                                                                
Device          \Driver\ACPI \Device\00000064                                                                                                                        acpi.sys
Device          \Device\0000002b                                                                                                                                     
Device          \Device\0000001f                                                                                                                                     
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                               volmgr.sys
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                               ntkrnlpa.exe
Device          \Driver\cdrom \Device\CdRom0                                                                                                                         CLASSPNP.SYS
Device          \Driver\cdrom \Device\CdRom0                                                                                                                         ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0006                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0006                                                                                                                    pci.sys
Device          \Driver\TermDD \Device\Termdd                                                                                                                        termdd.sys
Device          \Driver\Ecache \Device\ECacheControl                                                                                                                 ecache.sys
Device          \Driver\PnpManager \Device\00000059                                                                                                                  ntkrnlpa.exe
Device          \Driver\PnpManager \Device\00000059                                                                                                                  ntkrnlpa.exe
Device          \Device\00000072                                                                                                                                     
Device          \Device\NTPNP_PCI0013                                                                                                                                
Device          \Device\00000065                                                                                                                                     
Device          \Device\0000002c                                                                                                                                     
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                          ataport.SYS
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                          ntkrnlpa.exe
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                   ataport.SYS
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                   ntkrnlpa.exe
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                                                                          ataport.SYS
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                                                                          ntkrnlpa.exe
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                   ataport.SYS
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                   ntkrnlpa.exe
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                   ataport.SYS
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                   ntkrnlpa.exe
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                   ataport.SYS
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                   ntkrnlpa.exe
Device          \Driver\pciide \Device\Ide\PciIde1Channel0                                                                                                           ntkrnlpa.exe
Device          \Driver\pciide \Device\Ide\PciIde1Channel0                                                                                                           PCIIDEX.SYS
Device          \Driver\pciide \Device\Ide\PciIde1Channel1                                                                                                           ntkrnlpa.exe
Device          \Driver\pciide \Device\Ide\PciIde1Channel1                                                                                                           PCIIDEX.SYS
Device          \Driver\pciide \Device\Ide\PciIde0Channel0                                                                                                           ntkrnlpa.exe
Device          \Driver\pciide \Device\Ide\PciIde0Channel0                                                                                                           PCIIDEX.SYS
Device          \Driver\pciide \Device\Ide\PciIde0Channel1                                                                                                           ntkrnlpa.exe
Device          \Driver\pciide \Device\Ide\PciIde0Channel1                                                                                                           PCIIDEX.SYS
Device          \Device\Ide\PciIde0                                                                                                                                  
Device          \Device\Ide\PciIde1                                                                                                                                  
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                               volmgr.sys
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                               ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0007                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0007                                                                                                                    pci.sys
Device          \Device\i                                                                                                                                            
Device          \Driver\pci \Device\NTPNP_PCI0014                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0014                                                                                                                    pci.sys
Device          \Driver\pci \Device\NTPNP_PCI0008                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0008                                                                                                                    pci.sys
Device          \Driver\ACPI \Device\00000074                                                                                                                        acpi.sys
Device          \Driver\pci \Device\NTPNP_PCI0015                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0015                                                                                                                    pci.sys
Device          \Driver\ACPI \Device\00000067                                                                                                                        acpi.sys
Device          \Driver\ACPI \Device\00000075                                                                                                                        acpi.sys
Device          \Driver\SynTP \Device\00000081                                                                                                                       Wdf01000.sys
Device          \Driver\pci \Device\NTPNP_PCI0009                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0009                                                                                                                    pci.sys
Device          \Driver\ACPI \Device\00000068                                                                                                                        acpi.sys
Device          \Driver\HBtnKey \Device\00000082                                                                                                                     HIDCLASS.SYS
Device          \Driver\HBtnKey \Device\00000082                                                                                                                     ntkrnlpa.exe
Device          \Driver\ACPI \Device\00000076                                                                                                                        acpi.sys
Device          \Driver\pci \Device\NTPNP_PCI0023                                                                                                                    ntkrnlpa.exe
Device          \Driver\pci \Device\NTPNP_PCI0023                                                                                                                    pci.sys
Device          \Driver\ACPI \Device\00000069                                                                                                                        acpi.sys
Device          \Driver\Tcpip \Device\WFP                                                                                                                            tcpip.sys
Device          \Driver\Tcpip \Device\WFP                                                                                                                            ntkrnlpa.exe
Device          \Driver\usbhub \Device\00000079                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\00000079                                                                                                                      ntkrnlpa.exe
Device          \Driver\ACPI_HAL \Device\0000005a                                                                                                                    ntkrnlpa.exe
Device          \Driver\MountMgr \Device\MountPointManager                                                                                                           mountmgr.sys
Device          \Driver\MountMgr \Device\MountPointManager                                                                                                           ntkrnlpa.exe
Device          \FileSystem\Mup \Device\Mup                                                                                                                          mup.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                   storport.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                   ntkrnlpa.exe
Device          \Driver\partmgr \Device\PartmgrControl                                                                                                               partmgr.sys
Device          \Driver\disk \Device\Harddisk0\DR0                                                                                                                   CLASSPNP.SYS
Device          \Driver\disk \Device\Harddisk0\DR0                                                                                                                   ntkrnlpa.exe
Device          \Driver\ACPI \Device\0000006a                                                                                                                        acpi.sys
Device          \FileSystem\RAW \Device\RawDisk                                                                                                                      ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawDisk                                                                                                                      ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawDisk                                                                                                                      ntkrnlpa.exe
Device          \Driver\ACPI \Device\0000006b                                                                                                                        acpi.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                     ntkrnlpa.exe
Device          \Driver\Null \Device\Null                                                                                                                            Null.SYS
Device          \Driver\Null \Device\Null                                                                                                                            ntkrnlpa.exe
Device          \Driver\ACPI \Device\0000006c                                                                                                                        acpi.sys
Device          \Driver\usbhub \Device\0000007a                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\0000007a                                                                                                                      ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                     ntkrnlpa.exe
Device          \Driver\Tcpip \Device\NXTIPSEC                                                                                                                       tcpip.sys
Device          \Driver\Tcpip \Device\NXTIPSEC                                                                                                                       ntkrnlpa.exe
Device          \Driver\usbhub \Device\0000007b                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\0000007b                                                                                                                      ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                                     ntkrnlpa.exe
Device          \Driver\usbhub \Device\0000007c                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\0000007c                                                                                                                      ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                                     ntkrnlpa.exe
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                                                   Npfs.SYS
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                                                   ntkrnlpa.exe
Device          \Driver\usbhub \Device\0000007d                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\0000007d                                                                                                                      ntkrnlpa.exe
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                                     USBPORT.SYS
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                                     ntkrnlpa.exe
Device          \Driver\kgloypow \Device\kgloypow                                                                                                                    kgloypow.sys
Device          \Driver\kgloypow \Device\kgloypow                                                                                                                    ntkrnlpa.exe
Device          \FileSystem\Msfs \Device\Mailslot                                                                                                                    Msfs.SYS
Device          \FileSystem\Msfs \Device\Mailslot                                                                                                                    ntkrnlpa.exe
Device          \Driver\usbhub \Device\0000007e                                                                                                                      usbhub.sys
Device          \Driver\usbhub \Device\0000007e                                                                                                                      ntkrnlpa.exe
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                                     USBPORT.SYS
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                                     ntkrnlpa.exe
Device          \FileSystem\FileInfo \Device\FileInfo                                                                                                                fileinfo.sys
Device          \FileSystem\FileInfo \Device\FileInfo                                                                                                                ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawCdRom                                                                                                                     ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawCdRom                                                                                                                     ntkrnlpa.exe
Device          \FileSystem\RAW \Device\RawCdRom                                                                                                                     ntkrnlpa.exe
Device          \Driver\Tcpip \Device\WfpAle                                                                                                                         tcpip.sys
Device          \Driver\Tcpip \Device\WfpAle                                                                                                                         ntkrnlpa.exe
Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                                                                                       Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                                                                                       ntkrnlpa.exe
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                                                                   Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                                                                   ntkrnlpa.exe
Device          \FileSystem\Filters\FltMgrMsg                                                                                                                        
Device          \FileSystem\FltMgr \FileSystem\Filters\FltMgr                                                                                                        fltmgr.sys
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                                                                    Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                                                                    ntkrnlpa.exe
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                                                        Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                                                        ntkrnlpa.exe
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                                                     Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                                                     ntkrnlpa.exe
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                                                                    Fs_Rec.SYS
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                                                                    ntkrnlpa.exe
Device          \FileSystem\cdfs \Cdfs                                                                                                                               cdfs.sys
Device          \FileSystem\cdfs \Cdfs                                                                                                                               ntkrnlpa.exe
Device          \FileSystem\cdfs \Cdfs                                                                                                                               ntkrnlpa.exe

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys                                                     ffffffff81e45000
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x844b2030]                                                                                              844b2030
Trace           3 CLASSPNP.SYS[863a7745] -> nt!IofCallDriver -> [0x844a3528]                                                                                         844a3528
Trace           5 acpi.sys[828106a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x844af030]                                                                844af030

---- Modules - GMER 2.1 ----

Module          \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation SIGNED)(2011-02-09 17:08:10)                                             81E45000-821FE000 (3903488 bytes)
Module          \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation SIGNED)(2006-11-02 10:25:51)                                      81E12000-81E45000 (208896 bytes)
Module          \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation SIGNED)(2010-01-09 13:04:13)                                  8060B000-80613000 (32768 bytes)
Module          \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation SIGNED)(2010-01-09 13:08:03)                           80613000-80624000 (69632 bytes)
Module          \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:17)                                                 80624000-8062C000 (32768 bytes)
Module          \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:25)                                      8062C000-8066D000 (266240 bytes)
Module          \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation SIGNED)(2008-04-12 07:47:22)                                                8066D000-8074D000 (917504 bytes)
Module          \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation SIGNED)(2010-01-09 13:05:50)                                            8074D000-807C9000 (507904 bytes)
Module          \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation SIGNED)(2010-01-09 13:04:51)                                                   807C9000-807D6000 (53248 bytes)
Module          \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation SIGNED)(2010-01-09 13:05:56)                                         82808000-8284E000 (286720 bytes)
Module          \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation SIGNED)(2010-01-09 13:03:45)                           8284E000-82857000 (36864 bytes)
Module          \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:43)                                             82857000-8285F000 (32768 bytes)
Module          \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:05:54)                             8285F000-82886000 (159744 bytes)
Module          \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:44)                             82886000-82895000 (61440 bytes)
Module          \SystemRoot\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:17)                               82895000-82898000 (12288 bytes)
Module          \SystemRoot\system32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33)                                      82898000-828A2000 (40960 bytes)
Module          \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:05)                                    828A2000-828B1000 (61440 bytes)
Module          \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:50)                         828B1000-828FB000 (303104 bytes)
Module          \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:02)                               828FB000-82902000 (28672 bytes)
Module          \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation SIGNED)(2010-01-09 13:04:29)                            82902000-82910000 (57344 bytes)
Module          \SystemRoot\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:50)                                        82910000-8293D000 (184320 bytes)
Module          \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation SIGNED)(2010-01-09 13:04:42)                                    8293D000-8294D000 (65536 bytes)
Module          \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:23)                                 8294D000-82955000 (32768 bytes)
Module          \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation SIGNED)(2010-01-09 13:04:43)                                  82955000-82973000 (122880 bytes)
Module          \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation SIGNED)(2010-01-09 13:05:30)                      82973000-829A5000 (204800 bytes)
Module          \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:39)                                 829A5000-829B5000 (65536 bytes)
Module          \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)(2006-07-24 01:00:00)                         829B5000-829BE000 (36864 bytes)
Module          \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)               82A07000-82A78000 (462848 bytes)
Module          \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:54)                                    82A78000-82B83000 (1093632 bytes)
Module          \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation SIGNED)(2010-01-09 13:04:27)                     82B83000-82BAE000 (176128 bytes)
Module          \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation SIGNED)(2010-01-09 13:06:08)                                     82BAE000-82BE8000 (237568 bytes)
Module          \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation SIGNED)(2010-12-26 05:40:45)                                             86003000-860EC000 (954368 bytes)
Module          \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation SIGNED)(2010-01-09 13:05:35)                              860EC000-86107000 (110592 bytes)
Module          \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:07:38)                                      8620B000-8631A000 (1110016 bytes)
Module          \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:29)                               8631A000-86353000 (233472 bytes)
Module          \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:47)                                8635B000-8636A000 (61440 bytes)
Module          \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation SIGNED)(2010-01-09 13:06:02)                              8636A000-86391000 (159744 bytes)
Module          \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:22)                                            86391000-863A2000 (69632 bytes)
Module          \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation SIGNED)(2010-01-09 13:04:57)                                  863A2000-863C3000 (135168 bytes)
Module          \SystemRoot\system32\DRIVERS\AtiPcie.sys (ATI PCIE Driver for ATI PCIE chipset/ATI Technologies Inc. SIGNED)(2007-06-30 04:44:28)                    863C3000-863CB000 (32768 bytes)
Module          \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation SIGNED)(2006-11-02 08:52:27)                   863CB000-863D4000 (36864 bytes)
Module          \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:49)                                863F4000-863FE000 (40960 bytes)
Module          \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:44)                               86107000-86145000 (253952 bytes)
Module          \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:54)                               86145000-86154000 (61440 bytes)
Module          \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:32)                                        86154000-8616C000 (98304 bytes)
Module          \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:25)                       8616C000-8617E000 (73728 bytes)
Module          \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:36)                                      8617E000-86191000 (77824 bytes)
Module          \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:12)                                  86200000-8620B000 (45056 bytes)
Module          \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc. SIGNED)(2007-01-12 13:59:02)                                       86191000-861BC000 (176128 bytes)
Module          \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:36)                                86353000-86355000 (8192 bytes)
Module          \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10)                                     861BC000-861C7000 (45056 bytes)
Module          \SystemRoot\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P. SIGNED)(2007-06-30 06:19:44)  86355000-86358000 (12288 bytes)
Module          \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation SIGNED)(2010-01-09 13:02:10)                                      861C7000-861D7000 (65536 bytes)
Module          \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation SIGNED)(2010-01-09 13:01:36)                                    861D7000-861DE000 (28672 bytes)
Module          \SystemRoot\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation SIGNED)(2010-01-09 13:02:08)                   861DE000-861E7000 (36864 bytes)
Module          \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:01)                        829BE000-829EC000 (188416 bytes)
Module          \SystemRoot\system32\DRIVERS\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:09)                          89E09000-89E4A000 (266240 bytes)
Module          \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation SIGNED)(2010-01-09 13:02:22)                                                 89E4A000-89E55000 (45056 bytes)
Module          \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33)                                   89E55000-89E65000 (65536 bytes)
Module          \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:45)                 89E65000-89E67000 (8192 bytes)
Module          \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation SIGNED)(2010-01-09 13:04:08)                                           89E67000-89E91000 (172032 bytes)
Module          \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10)                          89E91000-89E9B000 (40960 bytes)
Module          \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:50)                                  89E9B000-89EA8000 (53248 bytes)
Module          \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation SIGNED)(2010-01-09 13:04:46)                               89EA8000-89EDC000 (212992 bytes)
Module          \SystemRoot\system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:56)                               89EDC000-89EE5000 (36864 bytes)
Module          \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:31)                            89EE5000-89EEE000 (36864 bytes)
Module          \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38)                                                89EEE000-89EF5000 (28672 bytes)
Module          \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:41)                                                89EF5000-89EFC000 (28672 bytes)
Module          \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38)                                  89EFC000-89F08000 (49152 bytes)
Module          \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:21)                                      89F08000-89F29000 (135168 bytes)
Module          \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:58)                                        89F29000-89F36000 (53248 bytes)
Module          \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:57)                                            89F36000-89F41000 (45056 bytes)
Module          \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:14)                                                89F41000-89F4F000 (57344 bytes)
Module          \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:21)                                      89F4F000-89F5C000 (53248 bytes)
Module          \SystemRoot\System32\Drivers\dump_dumpata.sys                                                                                                        89F5C000-89F67000 (45056 bytes)
Module          \SystemRoot\System32\Drivers\dump_atapi.sys                                                                                                          89F67000-89F6F000 (32768 bytes)
Module          \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation SIGNED)(2011-07-13 18:21:18)                                          81440000-81644000 (2113536 bytes)
Module          \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:40)                                        89F6F000-89F79000 (40960 bytes)
Module          \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:58)                                     81650000-81667000 (94208 bytes)
Module          \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:36)                                        81680000-81689000 (36864 bytes)
Module          \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:36)                                     81700000-81708000 (32768 bytes)
Module          \??\C:\Users\ADMINI~1\AppData\Local\Temp\kgloypow.sys (GMER)                                                                                         89F79000-89F93000 (106496 bytes)
Module          \SystemRoot\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:58)                                  89F93000-89FA9000 (90112 bytes)
Module          \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation SIGNED)(2011-02-09 17:08:14)
         

23.06.2014, 22:48   #4
Quickslay

Vista - BKA Trojan - Blocked by Group Policy



GMER, part three

Code:
---- Processes - GMER 2.1 ----

Process         System Idle                                                                                                                                          0
Process         System                                                                                                                                               4
Process         C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation SIGNED)(2010-01-09 13:04:28)                                             240
Library         C:\Windows\System32\smss.exe                                                                                                                         0x47910000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000

Process         C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation SIGNED)(2010-01-09 13:02:25)                                      304
Library         C:\Windows\system32\csrss.exe                                                                                                                        0x499E0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\CSRSRV.dll                                                                                                                       0x75D20000
Library         C:\Windows\system32\basesrv.dll                                                                                                                      0x75D00000
Library         C:\Windows\system32\winsrv.dll                                                                                                                       0x75CA0000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\KERNEL32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\sxs.dll                                                                                                                          0x75B70000

Process         C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation SIGNED)(2010-01-09 13:02:25)                                      340
Library         C:\Windows\system32\csrss.exe                                                                                                                        0x499E0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\CSRSRV.dll                                                                                                                       0x75D20000
Library         C:\Windows\system32\basesrv.dll                                                                                                                      0x75D00000
Library         C:\Windows\system32\winsrv.dll                                                                                                                       0x75CA0000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\KERNEL32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\sxs.dll                                                                                                                          0x75B70000

Process         C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation SIGNED)(2010-01-09 13:05:06)                                     348
Library         C:\Windows\system32\wininit.exe                                                                                                                      0x00140000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000

Process         C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation SIGNED)(2010-01-09 13:05:41)                                       376
Library         C:\Windows\system32\winlogon.exe                                                                                                                     0x00DD0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\WINSTA.dll                                                                                                                       0x75C30000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\SHSVCS.dll                                                                                                                       0x74490000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\slc.dll                                                                                                                          0x756B0000
Library         C:\Windows\system32\MPR.dll                                                                                                                          0x757F0000

Process         C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation SIGNED)(2010-01-09 13:05:25)                                     424
Library         C:\Windows\system32\services.exe                                                                                                                     0x00B70000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\SCESRV.dll                                                                                                                       0x75BE0000
Library         C:\Windows\system32\AUTHZ.dll                                                                                                                        0x75A10000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\NCObjAPI.DLL                                                                                                                     0x75900000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000

Process         C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                                   436
Library         C:\Windows\system32\lsass.exe                                                                                                                        0x002A0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\LSASRV.dll                                                                                                                       0x75A30000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\SAMSRV.dll                                                                                                                       0x75910000
Library         C:\Windows\system32\cryptdll.dll                                                                                                                     0x758D0000
Library         C:\Windows\system32\DNSAPI.dll                                                                                                                       0x758A0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\NTDSAPI.dll                                                                                                                      0x75830000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\FeClient.dll                                                                                                                     0x75810000
Library         C:\Windows\system32\MPR.dll                                                                                                                          0x757F0000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\slc.dll                                                                                                                          0x756B0000
Library         C:\Windows\system32\SYSNTFY.dll                                                                                                                      0x75BD0000
Library         C:\Windows\system32\wevtapi.dll                                                                                                                      0x75670000
Library         C:\Windows\system32\IPHLPAPI.DLL                                                                                                                     0x75650000
Library         C:\Windows\system32\dhcpcsvc.DLL                                                                                                                     0x754D0000
Library         C:\Windows\system32\WINNSI.DLL                                                                                                                       0x75850000
Library         C:\Windows\system32\dhcpcsvc6.DLL                                                                                                                    0x75610000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\cngaudit.dll                                                                                                                     0x75640000
Library         C:\Windows\system32\AUTHZ.dll                                                                                                                        0x75A10000
Library         C:\Windows\system32\ncrypt.dll                                                                                                                       0x755D0000
Library         C:\Windows\system32\BCRYPT.dll                                                                                                                       0x75580000
Library         C:\Windows\system32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\msprivs.dll                                                                                                                      0x75550000
Library         C:\Windows\system32\kerberos.dll                                                                                                                     0x75450000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wship6.dll                                                                                                                       0x75430000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000
Library         C:\Windows\system32\msv1_0.dll                                                                                                                       0x753D0000
Library         C:\Windows\system32\netlogon.dll                                                                                                                     0x75250000
Library         C:\Windows\system32\WINBRAND.dll                                                                                                                     0x752F0000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\system32\wdigest.dll                                                                                                                      0x751D0000
Library         C:\Windows\system32\rsaenh.dll                                                                                                                       0x75160000
Library         C:\Windows\system32\tspkg.dll                                                                                                                        0x751B0000
Library         C:\Windows\system32\GPAPI.dll                                                                                                                        0x75410000
Library         C:\Windows\system32\setupapi.dll                                                                                                                     0x77590000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\scecli.dll                                                                                                                       0x75130000
Library         C:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll                                                                                                0x10000000
Library         C:\Windows\system32\WINMM.dll                                                                                                                        0x750F0000
Library         C:\Windows\system32\OLEACC.dll                                                                                                                       0x750B0000
Library         C:\Windows\system32\SHLWAPI.dll                                                                                                                      0x77340000
Library         C:\Windows\system32\MSVCR70.dll                                                                                                                      0x7C000000
Library         C:\Program Files\Hewlett-Packard\IAM\bin\ItMsg.dll                                                                                                   0x01440000
Library         C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll                           0x74D70000
Library         C:\Windows\system32\keyiso.dll                                                                                                                       0x74980000

Process         C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation SIGNED)(2010-01-09 13:06:20)                                        444
Library         C:\Windows\system32\lsm.exe                                                                                                                          0x00220000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\SYSNTFY.dll                                                                                                                      0x75BD0000
Library         C:\Windows\system32\WMsgAPI.dll                                                                                                                      0x758F0000
Library         C:\Windows\system32\secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000

Process         C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                600
Library         C:\Windows\system32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         c:\windows\system32\umpnpmgr.dll                                                                                                                     0x75000000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         c:\windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         c:\windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\POWRPROF.dll                                                                                                                     0x75060000
Library         C:\Windows\system32\GPAPI.dll                                                                                                                        0x75410000
Library         C:\Windows\system32\slc.dll                                                                                                                          0x756B0000
Library         c:\windows\system32\rpcss.dll                                                                                                                        0x74CE0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         c:\windows\system32\FirewallAPI.dll                                                                                                                  0x74F90000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         c:\windows\system32\VERSION.dll                                                                                                                      0x75560000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\SETUPAPI.dll                                                                                                                     0x77590000
Library         C:\Windows\system32\CLBCatQ.DLL                                                                                                                      0x77500000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\WINSTA.dll                                                                                                                       0x75C30000
Library         C:\Windows\system32\WTSAPI32.dll                                                                                                                     0x74A00000

Process         C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                656
Library         C:\Windows\system32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         c:\windows\system32\rpcss.dll                                                                                                                        0x74CE0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         c:\windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         c:\windows\system32\FirewallAPI.dll                                                                                                                  0x74F90000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         c:\windows\system32\VERSION.dll                                                                                                                      0x75560000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\rsaenh.dll                                                                                                                       0x75160000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000
Library         C:\Windows\system32\CLBCatQ.DLL                                                                                                                      0x77500000

Process         C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                688
Library         C:\Windows\System32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         c:\program files\windows defender\mpsvc.dll                                                                                                          0x74C90000
Library         C:\Windows\system32\VERSION.dll                                                                                                                      0x75560000
Library         C:\Windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\WINTRUST.dll                                                                                                                     0x74F60000
Library         C:\Windows\system32\imagehlp.dll                                                                                                                     0x76080000
Library         c:\program files\windows defender\MpClient.dll                                                                                                       0x74F10000
Library         C:\Windows\system32\SHELL32.dll                                                                                                                      0x762A0000
Library         C:\Windows\system32\SHLWAPI.dll                                                                                                                      0x77340000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll                           0x74D70000
Library         C:\Windows\System32\GPAPI.dll                                                                                                                        0x75410000
Library         C:\Windows\System32\slc.dll                                                                                                                          0x756B0000
Library         C:\Windows\System32\rsaenh.dll                                                                                                                       0x75160000
Library         C:\Windows\system32\psapi.dll                                                                                                                        0x75D30000
Library         C:\Windows\System32\ncrypt.dll                                                                                                                       0x755D0000
Library         C:\Windows\System32\BCRYPT.dll                                                                                                                       0x75580000
Library         C:\Windows\System32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\System32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CC75080-364F-47A4-B1BE-7658BFF20F2B}\mpengine.dll                                     0x73150000
Library         c:\program files\windows defender\mprtplug.dll                                                                                                       0x74990000
Library         C:\Windows\System32\tdh.dll                                                                                                                          0x74040000
Library         C:\Windows\System32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\System32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\System32\wscapi.dll                                                                                                                       0x75050000
Library         C:\Windows\system32\urlmon.dll                                                                                                                       0x773C0000
Library         C:\Windows\system32\iertutil.dll                                                                                                                     0x77000000
Library         C:\Windows\system32\CLBCatQ.DLL                                                                                                                      0x77500000

Process         C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                780
Library         C:\Windows\System32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         c:\windows\system32\wevtsvc.dll                                                                                                                      0x74600000
Library         c:\windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         c:\windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         c:\windows\system32\VERSION.dll                                                                                                                      0x75560000
Library         c:\windows\system32\GPAPI.dll                                                                                                                        0x75410000
Library         c:\windows\system32\slc.dll                                                                                                                          0x756B0000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\System32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\System32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\System32\credssp.dll                                                                                                                      0x75570000
Library         C:\Windows\system32\schannel.dll                                                                                                                     0x75200000
Library         C:\Windows\System32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000

Process         C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                808
Library         C:\Windows\system32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         c:\windows\system32\profsvc.dll                                                                                                                      0x749A0000
Library         c:\windows\system32\SYSNTFY.dll                                                                                                                      0x75BD0000
Library         c:\windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         c:\windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         c:\windows\system32\nlaapi.dll                                                                                                                       0x75040000
Library         c:\windows\system32\IPHLPAPI.DLL                                                                                                                     0x75650000
Library         c:\windows\system32\dhcpcsvc.DLL                                                                                                                     0x754D0000
Library         c:\windows\system32\DNSAPI.dll                                                                                                                       0x758A0000
Library         c:\windows\system32\WINNSI.DLL                                                                                                                       0x75850000
Library         c:\windows\system32\dhcpcsvc6.DLL                                                                                                                    0x75610000
Library         c:\windows\system32\ATL.DLL                                                                                                                          0x74A10000
Library         C:\Windows\system32\CLBCatQ.DLL                                                                                                                      0x77500000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\rsaenh.dll                                                                                                                       0x75160000

Process         C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                876
Library         C:\Windows\system32\svchost.exe                                                                                                                      0x002D0000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         c:\windows\system32\cryptsvc.dll                                                                                                                     0x74920000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         c:\windows\system32\VSSAPI.DLL                                                                                                                       0x74170000
Library         c:\windows\system32\ATL.DLL                                                                                                                          0x74A10000
Library         c:\windows\system32\vsstrace.dll                                                                                                                     0x74960000
Library         c:\windows\system32\AUTHZ.dll                                                                                                                        0x75A10000
Library         c:\windows\system32\XmlLite.dll                                                                                                                      0x749D0000
Library         c:\windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         c:\windows\system32\MPR.dll                                                                                                                          0x757F0000
Library         C:\Windows\system32\SETUPAPI.dll                                                                                                                     0x77590000
Library         c:\windows\system32\CRYPT32.dll                                                                                                                      0x756F0000
Library         c:\windows\system32\MSASN1.dll                                                                                                                       0x75860000
Library         c:\windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         c:\windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\ESENT.dll                                                                                                                        0x70850000
Library         C:\Windows\system32\SHELL32.dll                                                                                                                      0x762A0000
Library         C:\Windows\system32\SHLWAPI.dll                                                                                                                      0x77340000
Library         C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll                           0x74D70000
Library         C:\Windows\system32\CRYPTNET.dll                                                                                                                     0x70C30000
Library         C:\Windows\system32\SensApi.dll                                                                                                                      0x73A50000
Library         C:\Windows\system32\WINHTTP.dll                                                                                                                      0x71370000
Library         C:\Windows\system32\mswsock.dll                                                                                                                      0x75510000
Library         C:\Windows\System32\wshtcpip.dll                                                                                                                     0x75440000
Library         C:\Windows\System32\wship6.dll                                                                                                                       0x75430000
Library         C:\Windows\system32\IPHLPAPI.DLL                                                                                                                     0x75650000
Library         C:\Windows\system32\dhcpcsvc.DLL                                                                                                                     0x754D0000
Library         C:\Windows\system32\DNSAPI.dll                                                                                                                       0x758A0000
Library         C:\Windows\system32\WINNSI.DLL                                                                                                                       0x75850000
Library         C:\Windows\system32\dhcpcsvc6.DLL                                                                                                                    0x75610000

Process         C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation SIGNED)(2008-12-15 07:14:27)                                                         1076
Library         C:\Windows\Explorer.EXE                                                                                                                              0x00780000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\SHLWAPI.dll                                                                                                                      0x77340000
Library         C:\Windows\system32\SHELL32.dll                                                                                                                      0x762A0000
Library         C:\Windows\system32\ole32.dll                                                                                                                        0x75DD0000
Library         C:\Windows\system32\OLEAUT32.dll                                                                                                                     0x77870000
Library         C:\Windows\system32\SHDOCVW.dll                                                                                                                      0x73EA0000
Library         C:\Windows\system32\UxTheme.dll                                                                                                                      0x74A60000
Library         C:\Windows\system32\POWRPROF.dll                                                                                                                     0x75060000
Library         C:\Windows\system32\dwmapi.dll                                                                                                                       0x74950000
Library         C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll                                    0x74700000
Library         C:\Windows\system32\slc.dll                                                                                                                          0x756B0000
Library         C:\Windows\system32\PROPSYS.dll                                                                                                                      0x740B0000
Library         C:\Windows\system32\BROWSEUI.dll                                                                                                                     0x73D50000
Library         C:\Windows\system32\IMM32.dll                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\DUser.dll                                                                                                                        0x74A30000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll                           0x74D70000
Library         C:\Windows\system32\WindowsCodecs.dll                                                                                                                0x73C90000
Library         C:\Windows\system32\IconCodecService.dll                                                                                                             0x748E0000
Library         C:\Windows\system32\CLBCatQ.DLL                                                                                                                      0x77500000
Library         C:\Windows\system32\rsaenh.dll                                                                                                                       0x75160000
Library         C:\Windows\system32\timedate.cpl                                                                                                                     0x73BD0000
Library         C:\Windows\system32\ATL.DLL                                                                                                                          0x74A10000
Library         C:\Windows\system32\NETAPI32.dll                                                                                                                     0x75990000
Library         C:\Windows\system32\PSAPI.DLL                                                                                                                        0x75D30000
Library         C:\Windows\system32\OLEACC.dll                                                                                                                       0x750B0000
Library         C:\Windows\system32\WINBRAND.dll                                                                                                                     0x752F0000
Library         C:\Windows\system32\USERENV.dll                                                                                                                      0x75C80000
Library         C:\Windows\system32\Secur32.dll                                                                                                                      0x75C60000
Library         C:\Windows\system32\msutb.dll                                                                                                                        0x73BA0000
Library         C:\Windows\system32\WTSAPI32.dll                                                                                                                     0x74A00000
Library         C:\Windows\System32\shacct.dll                                                                                                                       0x748C0000
Library         C:\Windows\System32\SAMLIB.dll                                                                                                                       0x75880000
Library         C:\Windows\system32\apphelp.dll                                                                                                                      0x74460000
Library         C:\Windows\System32\msshsq.dll                                                                                                                       0x73B20000
Library         C:\Windows\System32\NaturalLanguage6.dll                                                                                                             0x73980000
Library         C:\Windows\System32\CRYPT32.dll                                                                                                                      0x756F0000
Library         C:\Windows\System32\MSASN1.dll                                                                                                                       0x75860000
Library         C:\Windows\System32\NLSData0007.dll                                                                                                                  0x72CF0000
Library         C:\Windows\System32\NLSLexicons0007.dll                                                                                                              0x71590000
Library         C:\Windows\system32\authui.dll                                                                                                                       0x74AA0000
Library         C:\Windows\system32\MSIMG32.dll                                                                                                                      0x751A0000
Library         C:\Windows\system32\ieframe.dll                                                                                                                      0x72250000
Library         C:\Windows\system32\iertutil.dll                                                                                                                     0x77000000
Library         C:\Windows\system32\LINKINFO.dll                                                                                                                     0x748F0000
Library         C:\Windows\system32\WININET.dll                                                                                                                      0x761B0000
Library         C:\Windows\system32\Normaliz.dll                                                                                                                     0x773B0000
Library         C:\Windows\system32\urlmon.dll                                                                                                                       0x773C0000
Library         C:\Windows\system32\ExplorerFrame.dll                                                                                                                0x748B0000
Library         C:\Windows\system32\NTMARTA.DLL                                                                                                                      0x75080000
Library         C:\Windows\system32\WLDAP32.dll                                                                                                                      0x760B0000
Library         C:\Windows\system32\WS2_32.dll                                                                                                                       0x771F0000
Library         C:\Windows\system32\NSI.dll                                                                                                                          0x773A0000
Library         C:\Windows\system32\WINMM.dll                                                                                                                        0x750F0000
Library         C:\Windows\system32\wdmaud.drv                                                                                                                       0x74010000
Library         C:\Windows\system32\ksuser.dll                                                                                                                       0x74450000
Library         C:\Windows\system32\MMDevAPI.DLL                                                                                                                     0x73FE0000
Library         C:\Windows\system32\AVRT.dll                                                                                                                         0x74440000
Library         C:\Windows\system32\ntshrui.dll                                                                                                                      0x73AD0000
Library         C:\Windows\system32\cscapi.dll                                                                                                                       0x74910000
Library         C:\Windows\system32\stobject.dll                                                                                                                     0x73010000
Library         C:\Windows\system32\BatMeter.dll                                                                                                                     0x72F50000
Library         C:\Windows\system32\SETUPAPI.dll                                                                                                                     0x77590000
Library         C:\Windows\system32\WINSTA.dll                                                                                                                       0x75C30000
Library         C:\Windows\system32\es.dll                                                                                                                           0x73930000
Library         C:\Windows\System32\SndVolSSO.dll                                                                                                                    0x73AA0000
Library         C:\Windows\System32\netshell.dll                                                                                                                     0x70F70000
Library         C:\Windows\System32\IPHLPAPI.DLL                                                                                                                     0x75650000
Library         C:\Windows\System32\dhcpcsvc.DLL                                                                                                                     0x754D0000
Library         C:\Windows\System32\DNSAPI.dll                                                                                                                       0x758A0000
Library         C:\Windows\System32\WINNSI.DLL                                                                                                                       0x75850000
Library         C:\Windows\System32\dhcpcsvc6.DLL                                                                                                                    0x75610000
Library         C:\Windows\System32\nlaapi.dll                                                                                                                       0x75040000
Library         C:\Windows\system32\pnidui.dll                                                                                                                       0x713D0000
Library         C:\Windows\system32\QUtil.dll                                                                                                                        0x73FC0000
Library         C:\Windows\system32\wevtapi.dll                                                                                                                      0x75670000
Library         C:\Windows\system32\wlanutil.dll                                                                                                                     0x74900000
Library         C:\Windows\system32\msiltcfg.dll                                                                                                                     0x73FB0000
Library         C:\Windows\system32\VERSION.dll                                                                                                                      0x75560000
Library         C:\Windows\system32\msi.dll                                                                                                                          0x70A00000
Library         C:\Windows\system32\SXS.DLL                                                                                                                          0x75B70000
Library         C:\Windows\system32\ACTXPRXY.DLL                                                                                                                     0x721F0000
Library         C:\Windows\system32\thumbcache.dll                                                                                                                   0x73B80000
Library         C:\Windows\system32\xmllite.dll                                                                                                                      0x749D0000
Library         C:\Windows\system32\MLANG.dll                                                                                                                        0x73900000
Library         C:\Windows\system32\WINTRUST.dll                                                                                                                     0x74F60000
Library         C:\Windows\system32\imagehlp.dll                                                                                                                     0x76080000
Library         C:\Windows\system32\Wlanapi.dll                                                                                                                      0x73B60000
Library         C:\Windows\system32\OneX.DLL                                                                                                                         0x70DF0000
Library         C:\Windows\system32\eappprxy.dll                                                                                                                     0x73A90000
Library         C:\Windows\system32\eappcfg.dll                                                                                                                      0x73A60000
Library         C:\Windows\system32\bcrypt.dll                                                                                                                       0x75580000
Library         C:\Windows\System32\AltTab.dll                                                                                                                       0x73140000
Library         C:\Windows\system32\wpdshserviceobj.dll                                                                                                              0x730E0000
Library         C:\Windows\system32\WINHTTP.dll                                                                                                                      0x71370000
Library         C:\Windows\System32\srchadmin.dll                                                                                                                    0x712D0000
Library         C:\Windows\System32\webcheck.dll                                                                                                                     0x71290000
Library         C:\Windows\System32\SyncCenter.dll                                                                                                                   0x705C0000
Library         C:\Windows\system32\wscntfy.dll                                                                                                                      0x71330000
Library         C:\Windows\system32\WSCAPI.dll                                                                                                                       0x75050000
Library         C:\Windows\system32\btncopy.dll                                                                                                                      0x10000000
Library         C:\Windows\system32\bthprops.cpl                                                                                                                     0x70CF0000
Library         C:\Windows\system32\PortableDeviceTypes.dll                                                                                                          0x730B0000
Library         C:\Windows\System32\QAgent.dll                                                                                                                       0x72F20000
Library         C:\Windows\System32\fwpuclnt.dll                                                                                                                     0x70C50000
Library         C:\Windows\system32\PortableDeviceApi.dll                                                                                                            0x709C0000
Library         C:\Windows\system32\MPR.dll                                                                                                                          0x757F0000
Library         C:\Windows\System32\ntlanman.dll                                                                                                                     0x72140000
Library         C:\Windows\System32\drprov.dll                                                                                                                       0x73130000
Library         C:\Windows\System32\davclnt.dll                                                                                                                      0x73120000
Library         C:\Windows\system32\imapi2.dll                                                                                                                       0x70560000

Process         C:\Users\Administrator\Downloads\Gmer-19357.exe(2014-06-23 19:06:21)                                                                                 1372
Library         C:\Users\Administrator\Downloads\Gmer-19357.exe                                                                                                      0x00400000
Library         C:\Windows\system32\ntdll.dll                                                                                                                        0x77720000
Library         C:\Windows\system32\kernel32.dll                                                                                                                     0x75F20000
Library         C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\COMCTL32.DLL                          0x72160000
Library         C:\Windows\system32\ADVAPI32.dll                                                                                                                     0x76DC0000
Library         C:\Windows\system32\RPCRT4.dll                                                                                                                       0x77270000
Library         C:\Windows\system32\GDI32.dll                                                                                                                        0x77220000
Library         C:\Windows\system32\USER32.dll                                                                                                                       0x76F60000
Library         C:\Windows\system32\IMM32.DLL                                                                                                                        0x77850000
Library         C:\Windows\system32\MSCTF.dll                                                                                                                        0x76E90000
Library         C:\Windows\system32\msvcrt.dll                                                                                                                       0x76100000
Library         C:\Windows\system32\LPK.DLL                                                                                                                          0x76DB0000
Library         C:\Windows\system32\USP10.dll                                                                                                                        0x77900000
Library         C:\Windows\system32\SHLWAPI.dll                                                                                                                      0x77340000

Process         C:\Users\Administrator\Downloads\Gmer-19357.exe(2014-06-23 19:06:21)                                                                                 1512

Process          (*** hidden *** )                                                                                                                                   [4] 83652860
         

23.06.2014, 22:50   #5
Quickslay

GMER, part four

Code:
---- Services - GMER 2.1 ----

Service         C:\Windows\system32\netfxperf.dll                                                                                                                    .NET CLR Data
Service         C:\Windows\system32\netfxperf.dll                                                                                                                    .NET CLR Networking
Service         C:\Windows\system32\netfxperf.dll                                                                                                                    .NET CLR Networking 4.0.0.0
Service         C:\Windows\system32\netfxperf.dll                                                                                                                    .NET Data Provider for Oracle
Service         C:\Windows\system32\netfxperf.dll                                                                                                                    .NET Data Provider for SqlServer
Service         C:\Windows\system32\mscoree.dll                                                                                                                      .NETFramework
Service         C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation SIGNED)(2010-01-09 13:05:56)                                          [BOOT] ACPI
Service         C:\Windows\system32\drivers\ADIHdAud.sys                                                                                                             [MANUAL] ADIHdAudAddService
Service         C:\Windows\system32\drivers\adp94xx.sys                                                                                                              [DISABLED] adp94xx
Service         C:\Windows\system32\drivers\adpahci.sys                                                                                                              [DISABLED] adpahci
Service         C:\Windows\system32\drivers\adpu160m.sys                                                                                                             [DISABLED] adpu160m
Service         C:\Windows\system32\drivers\adpu320.sys                                                                                                              [DISABLED] adpu320
Service                                                                                                                                                              adsi
Service         C:\Windows\System32\aelupsvc.dll                                                                                                                     [AUTO] AeLookupSvc
Service         C:\Windows\system32\drivers\afd.sys                                                                                                                  [SYSTEM] AFD
Service         C:\Windows\system32\agrsmsvc.exe                                                                                                                     [AUTO] AgereModemAudio
Service         C:\Windows\system32\DRIVERS\AGRSM.sys                                                                                                                [MANUAL] AgereSoftModem
Service         C:\Windows\system32\drivers\agp440.sys                                                                                                               [MANUAL] agp440
Service         C:\Windows\system32\drivers\djsvs.sys                                                                                                                [DISABLED] aic78xx
Service         C:\Windows\System32\alg.exe                                                                                                                          [MANUAL] ALG
Service         C:\Windows\system32\drivers\aliide.sys                                                                                                               [DISABLED] aliide
Service         C:\Windows\system32\drivers\amdagp.sys                                                                                                               [MANUAL] amdagp
Service         C:\Windows\system32\drivers\amdide.sys                                                                                                               [DISABLED] amdide
Service         C:\Windows\system32\drivers\amdk7.sys                                                                                                                [DISABLED] AmdK7
Service         C:\Windows\system32\DRIVERS\amdk8.sys                                                                                                                [MANUAL] AmdK8
Service         C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe                                                                                     [AUTO] AntiVirScheduler
Service         C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe                                                                                   [AUTO] AntiVirService
Service         C:\Windows\System32\appinfo.dll                                                                                                                      [MANUAL] Appinfo
Service         C:\Windows\system32\drivers\arc.sys                                                                                                                  [DISABLED] arc
Service         C:\Windows\system32\drivers\arcsas.sys                                                                                                               [DISABLED] arcsas
Service         C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Winlogon notification handler/Cognizance Corporation)(2007-02-07 01:30:00)                    [AUTO] ASBroker
Service         C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll                                                                                                  [AUTO] ASChannel
Service         c:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll                                                                                        ASP.NET_1.1.4322
Service         C:\Windows\system32\DRIVERS\asyncmac.sys                                                                                                             [MANUAL] AsyncMac
Service         C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:23)                                  [BOOT] atapi
Service         C:\Windows\system32\Ati2evxx.exe                                                                                                                     [AUTO] Ati External Event Utility
Service                                                                                                                                                              Atierecord
Service         C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI PCIE Driver for ATI PCIE chipset/ATI Technologies Inc. SIGNED)(2007-06-30 04:44:28)                     [BOOT] AtiPcie
Service         C:\Windows\system32\DRIVERS\ATSwpDrv.sys                                                                                                             [MANUAL] ATSWPDRV
Service         C:\Windows\System32\Audiosrv.dll                                                                                                                     [AUTO] AudioEndpointBuilder
Service         C:\Windows\System32\Audiosrv.dll                                                                                                                     [AUTO] Audiosrv
Service         C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys                                                                                     [SYSTEM] avgio
Service         C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys                                                                                  [MANUAL] avgntflt
Service         C:\Windows\system32\DRIVERS\avipbb.sys                                                                                                               [SYSTEM] avipbb
Service         C:\Windows\system32\DRIVERS\b57nd60x.sys                                                                                                             [MANUAL] b57nd60x
Service         C:\Windows\system32\drivers\BattC.sys (Battery Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33)                                       BattC
Service         C:\Windows\system32\DRIVERS\bcmwl6.sys                                                                                                               [MANUAL] BCM43XV
Service         C:\Windows\system32\DRIVERS\bcmwl6.sys                                                                                                               [MANUAL] BCM43XX
Service         C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe                                                              [AUTO] BcmSqlStartupSvc
Service         C:\Windows\system32\drivers\Beep.sys (BEEP Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:41)                                                 [SYSTEM] Beep
Service         C:\Windows\System32\bfe.dll                                                                                                                          [AUTO] BFE
Service         C:\Windows\System32\qmgr.dll                                                                                                                         [AUTO] BITS
Service         system32\drivers\blbdrive.sys                                                                                                                        [DISABLED] blbdrive
Service         C:\Windows\system32\DRIVERS\bowser.sys                                                                                                               [MANUAL] bowser
Service         C:\Windows\system32\drivers\brfiltlo.sys                                                                                                             [MANUAL] BrFiltLo
Service         C:\Windows\system32\drivers\brfiltup.sys                                                                                                             [MANUAL] BrFiltUp
Service         C:\Windows\System32\browser.dll                                                                                                                      [AUTO] Browser
Service         C:\Windows\system32\drivers\brserid.sys                                                                                                              [DISABLED] Brserid
Service         C:\Windows\system32\drivers\brserwdm.sys                                                                                                             [DISABLED] BrSerWdm
Service         C:\Windows\system32\drivers\brusbmdm.sys                                                                                                             [DISABLED] BrUsbMdm
Service         C:\Windows\system32\drivers\brusbser.sys                                                                                                             [MANUAL] BrUsbSer
Service         C:\Windows\system32\DRIVERS\BthEnum.sys                                                                                                              [MANUAL] BthEnum
Service         C:\Windows\system32\drivers\bthmodem.sys                                                                                                             [DISABLED] BTHMODEM
Service         C:\Windows\system32\DRIVERS\bthpan.sys                                                                                                               [MANUAL] BthPan
Service         C:\Windows\System32\Drivers\BTHport.sys                                                                                                              [MANUAL] BTHPORT
Service         C:\Windows\System32\bthserv.dll                                                                                                                      [AUTO] BthServ
Service         C:\Windows\System32\Drivers\BTHUSB.sys                                                                                                               [MANUAL] BTHUSB
Service                                                                                                                                                              BTKRNL
Service         C:\Windows\system32\drivers\btwaudio.sys                                                                                                             [MANUAL] btwaudio
Service         C:\Windows\system32\drivers\btwavdt.sys                                                                                                              [MANUAL] btwavdt
Service         C:\Windows\system32\DRIVERS\btwrchid.sys                                                                                                             [MANUAL] btwrchid
Service         C:\Windows\system32\drivers\BVRPMPR5.SYS                                                                                                             [MANUAL] BVRPMPR5
Service         C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:58)                                   [DISABLED] cdfs
Service         C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:32)                                         [SYSTEM] cdrom
Service         C:\Windows\System32\certprop.dll                                                                                                                     [MANUAL] CertPropSvc
Service         C:\Windows\system32\drivers\circlass.sys                                                                                                             [DISABLED] circlass
Service         C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:25)                                       [BOOT] CLFS
Service         C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe                                                                                           [DISABLED] clr_optimization_v2.0.50727_32
Service         C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe                                                                                           [AUTO] clr_optimization_v4.0.30319_32
Service         C:\Windows\system32\DRIVERS\CmBatt.sys                                                                                                               [MANUAL] CmBatt
Service         C:\Windows\system32\drivers\cmdide.sys                                                                                                               [DISABLED] cmdide
Service                                                                                                                                                              CognizanceCredMgr
Service         C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe                                                                                 [MANUAL] Com4Qlb
Service         C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:17)                                [BOOT] Compbatt
Service         C:\Windows\system32\dllhost.exe                                                                                                                      [MANUAL] COMSysApp
Service         C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation SIGNED)(2006-11-02 08:52:27)                    [BOOT] crcdisk
Service         C:\Windows\system32\drivers\crusoe.sys                                                                                                               [DISABLED] Crusoe
Service                                                                                                                                                              crypt32
Service         C:\Windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation SIGNED)(2010-01-09 13:04:39)                                          [AUTO] CryptSvc
Service                                                                                                                                                              DCLocator
Service         C:\Windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation SIGNED)(2009-04-16 06:35:46)                                           [AUTO] DcomLaunch
Service         C:\Windows\System32\Drivers\dfsc.sys                                                                                                                 [SYSTEM] DfsC
Service         C:\Windows\system32\DFSR.exe                                                                                                                         [MANUAL] DFSR
Service         C:\Windows\System32\dhcpcsvc.dll (DHCP Client Service/Microsoft Corporation SIGNED)(2010-01-09 13:05:08)                                             [AUTO] Dhcp
Service         C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:22)                                             [BOOT] disk
Service         C:\Windows\System32\dnsrslvr.dll                                                                                                                     [AUTO] Dnscache
Service         C:\Windows\System32\dot3svc.dll                                                                                                                      [MANUAL] dot3svc
Service         C:\Windows\system32\dps.dll                                                                                                                          [AUTO] DPS
Service         C:\Windows\system32\drivers\drmkaud.sys                                                                                                              [MANUAL] drmkaud
Service         C:\Windows\System32\drivers\dxgkrnl.sys                                                                                                              [MANUAL] DXGKrnl
Service         C:\Windows\system32\DRIVERS\E1G60I32.sys                                                                                                             [MANUAL] E1G60
Service         C:\Windows\system32\DRIVERS\eabfiltr.sys                                                                                                             [SYSTEM] eabfiltr
Service                                                                                                                                                              eabusb
Service         C:\Windows\System32\eapsvc.dll                                                                                                                       [MANUAL] EapHost
Service         C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation SIGNED)(2010-01-09 13:06:02)                               [BOOT] Ecache
Service         C:\Windows\system32\drivers\elxstor.sys                                                                                                              [DISABLED] elxstor
Service         C:\Windows\system32\emdmgmt.dll                                                                                                                      EmdCache
Service         C:\Windows\system32\emdmgmt.dll                                                                                                                      [AUTO] EMDMgmt
Service         C:\Windows\system32\esentprf.dll                                                                                                                     ESENT
Service         C:\Windows\System32\wevtsvc.dll (Event Logging Service/Microsoft Corporation SIGNED)(2010-01-09 13:07:26)                                            [AUTO] Eventlog
Service         C:\Windows\system32\es.dll (COM+/Microsoft Corporation SIGNED)(2008-08-21 17:11:17)                                                                  [AUTO] EventSystem
Service         C:\Windows\system32\drivers\exfat.sys                                                                                                                [MANUAL] exfat
Service         C:\Windows\system32\drivers\fastfat.sys                                                                                                              [MANUAL] fastfat
Service         C:\Windows\system32\DRIVERS\fdc.sys                                                                                                                  [DISABLED] fdc
Service         C:\Windows\system32\fdPHost.dll                                                                                                                      [MANUAL] fdPHost
Service         C:\Windows\system32\fdrespub.dll                                                                                                                     [AUTO] FDResPub
Service         C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:39)                                  [BOOT] FileInfo
Service         C:\Windows\system32\drivers\filetrace.sys                                                                                                            [MANUAL] Filetrace
Service         C:\Windows\system32\DRIVERS\flpydisk.sys                                                                                                             [DISABLED] flpydisk
Service         C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation SIGNED)(2010-01-09 13:05:30)                       [BOOT] FltMgr
Service         C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe                                                                                [MANUAL] FontCache3.0.0.0
Service         C:\Windows\system32\drivers\Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:31)                             [SYSTEM] Fs_Rec
Service         C:\Windows\system32\drivers\gagp30kx.sys                                                                                                             [MANUAL] gagp30kx
Service         C:\Windows\System32\gpsvc.dll                                                                                                                        [AUTO] gpsvc
Service         C:\Program Files\Google\Update\GoogleUpdate.exe                                                                                                      [AUTO] gupdate
Service         C:\Program Files\Google\Update\GoogleUpdate.exe                                                                                                      [MANUAL] gupdatem
Service         C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe                                                                               [MANUAL] gusvc
Service         C:\Windows\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P. SIGNED)(2007-06-30 06:19:44)   [MANUAL] HBtnKey
Service         C:\Windows\system32\drivers\HdAudio.sys                                                                                                              [MANUAL] HdAudAddService
Service         C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:25)                        [MANUAL] HDAudBus
Service         C:\Windows\system32\DRIVERS\hidbth.sys                                                                                                               [MANUAL] HidBth
Service         C:\Windows\system32\drivers\hidir.sys                                                                                                                [DISABLED] HidIr
Service         C:\Windows\system32\hidserv.dll                                                                                                                      [AUTO] hidserv
Service         C:\Windows\system32\DRIVERS\hidusb.sys                                                                                                               [MANUAL] HidUsb
Service         C:\Windows\system32\kmsvc.dll                                                                                                                        [MANUAL] hkmsvc
Service         C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe                                                                                    [AUTO] HP Health Check Service
Service         C:\Windows\system32\drivers\hpcisss.sys                                                                                                              [DISABLED] HpCISSs
Service         C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll                                                                                    [MANUAL] hpqcxs08
Service         C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll                                                                                    [AUTO] hpqddsvc
Service         C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe                                                                                                 [AUTO] hpqwmiex
Service         C:\Windows\system32\DRIVERS\HPZid412.sys                                                                                                             [MANUAL] HPZid412
Service         C:\Windows\system32\DRIVERS\HPZipr12.sys                                                                                                             [MANUAL] HPZipr12
Service         C:\Windows\system32\DRIVERS\HPZius12.sys                                                                                                             [MANUAL] HPZius12
Service         C:\Windows\system32\DRIVERS\VSTAZL3.SYS                                                                                                              [MANUAL] HSFHWAZL
Service         C:\Windows\system32\DRIVERS\VSTDPV3.SYS                                                                                                              [MANUAL] HSF_DPV
Service         C:\Windows\system32\drivers\HTTP.sys                                                                                                                 [MANUAL] HTTP
Service         C:\Windows\system32\drivers\i2omp.sys                                                                                                                [DISABLED] i2omp
Service         C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:36)                                       [SYSTEM] i8042prt
Service         C:\Windows\system32\drivers\iastorv.sys                                                                                                              [DISABLED] iaStorV
Service         C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe                                                                        [MANUAL] IDriverT
Service         C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe                                                                [MANUAL] idsvc
Service         C:\Windows\system32\drivers\iirsp.sys                                                                                                                [DISABLED] iirsp
Service         C:\Windows\System32\ikeext.dll                                                                                                                       [AUTO] IKEEXT
Service                                                                                                                                                              inetaccs
Service         C:\Windows\system32\drivers\intelide.sys                                                                                                             [DISABLED] intelide
Service         C:\Windows\system32\DRIVERS\intelppm.sys                                                                                                             [DISABLED] intelppm
Service         C:\Windows\system32\ipbusenum.dll                                                                                                                    [MANUAL] IPBusEnum
Service         C:\Windows\system32\DRIVERS\ipfltdrv.sys                                                                                                             [MANUAL] IpFilterDriver
Service         C:\Windows\System32\iphlpsvc.dll                                                                                                                     [AUTO] iphlpsvc
Service         system32\DRIVERS\ipinip.sys                                                                                                                          [MANUAL] IpInIp
Service         C:\Windows\system32\drivers\ipmidrv.sys                                                                                                              [DISABLED] IPMIDRV
Service         C:\Windows\system32\DRIVERS\ipnat.sys                                                                                                                [MANUAL] IPNAT
Service         C:\Windows\system32\drivers\irenum.sys                                                                                                               [MANUAL] IRENUM
Service         C:\Windows\system32\drivers\isapnp.sys                                                                                                               [DISABLED] isapnp
Service         C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:01)                         [MANUAL] iScsiPrt
Service         C:\Windows\system32\drivers\iteatapi.sys                                                                                                             [DISABLED] iteatapi
Service         C:\Windows\system32\drivers\iteraid.sys                                                                                                              [DISABLED] iteraid
Service         C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe                                                                                        [AUTO] IviRegMgr
Service         C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:12)                                   [SYSTEM] kbdclass
Service         C:\Windows\system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:56)                                [SYSTEM] kbdhid
Service         C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                                   [MANUAL] KeyIso
Service         C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                [BOOT] KSecDD
Service         C:\Windows\system32\msdtckrm.dll                                                                                                                     [AUTO] KtmRm
Service         C:\Windows\system32\srvsvc.dll                                                                                                                       [AUTO] LanmanServer
Service         C:\Windows\System32\wkssvc.dll                                                                                                                       [AUTO] LanmanWorkstation
Service                                                                                                                                                              ldap
Service         C:\Program Files\Common Files\LightScribe\LSSrvc.exe                                                                                                 [AUTO] LightScribeService
Service         C:\Windows\system32\DRIVERS\lltdio.sys                                                                                                               [AUTO] lltdio
Service         C:\Windows\System32\lltdsvc.dll                                                                                                                      [MANUAL] lltdsvc
Service         C:\Windows\System32\lmhsvc.dll                                                                                                                       [AUTO] lmhosts
Service         C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation SIGNED)(2009-08-13 18:48:00)                              Lsa
Service         C:\Windows\system32\drivers\lsi_fc.sys                                                                                                               [DISABLED] LSI_FC
Service         C:\Windows\system32\drivers\lsi_sas.sys                                                                                                              [DISABLED] LSI_SAS
Service         C:\Windows\system32\drivers\lsi_scsi.sys                                                                                                             [DISABLED] LSI_SCSI
Service         C:\Windows\system32\drivers\luafv.sys                                                                                                                [AUTO] luafv
Service         C:\Windows\system32\DRIVERS\lvrs.sys                                                                                                                 [MANUAL] LVRS
Service         C:\Windows\system32\DRIVERS\lvuvc.sys                                                                                                                [MANUAL] LVUVC
Service         C:\Windows\system32\drivers\mbam.sys                                                                                                                 [MANUAL] MBAMProtector
Service         C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe                                                                                        [AUTO] MBAMScheduler
Service         C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe                                                                                          [AUTO] MBAMService
Service         C:\Windows\system32\drivers\megasas.sys                                                                                                              [DISABLED] megasas
Service         C:\Windows\system32\mmcss.dll                                                                                                                        [AUTO] MMCSS
Service         C:\Windows\system32\drivers\modem.sys                                                                                                                [MANUAL] Modem
Service         C:\Windows\system32\DRIVERS\monitor.sys                                                                                                              [MANUAL] monitor
Service         C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10)                                      [SYSTEM] mouclass
Service         C:\Windows\system32\DRIVERS\mouhid.sys                                                                                                               [MANUAL] mouhid
Service         C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation SIGNED)(2010-01-09 13:04:42)                                     [BOOT] MountMgr
Service         C:\Windows\system32\drivers\mpio.sys                                                                                                                 [DISABLED] mpio
Service         C:\Windows\System32\drivers\mpsdrv.sys                                                                                                               [MANUAL] mpsdrv
Service         C:\Windows\system32\mpssvc.dll                                                                                                                       [AUTO] MpsSvc
Service         C:\Windows\system32\drivers\mraid35x.sys                                                                                                             [DISABLED] Mraid35x
Service         C:\Windows\system32\drivers\mrxdav.sys                                                                                                               [MANUAL] MRxDAV
Service         C:\Windows\system32\DRIVERS\mrxsmb.sys                                                                                                               [MANUAL] mrxsmb
Service         C:\Windows\system32\DRIVERS\mrxsmb10.sys                                                                                                             [MANUAL] mrxsmb10
Service         C:\Windows\system32\DRIVERS\mrxsmb20.sys                                                                                                             [MANUAL] mrxsmb20
Service         C:\Windows\system32\drivers\msahci.sys                                                                                                               [DISABLED] msahci
Service         C:\Windows\system32\drivers\msdsm.sys                                                                                                                [DISABLED] msdsm
Service         C:\Windows\system32\msdtcuiu.DLL                                                                                                                     [MANUAL] MSDTC
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    MSDTC Bridge 3.0.0.0
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    MSDTC Bridge 4.0.0.0
Service         C:\Windows\system32\drivers\Msfs.sys (Mailslot driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:57)                                             [SYSTEM] Msfs
Service         C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:43)                                              [BOOT] msisadrv
Service         C:\Windows\system32\iscsiexe.dll                                                                                                                     [MANUAL] MSiSCSI
Service         C:\Windows\system32\msiexec /V                                                                                                                       [MANUAL] msiserver
Service         C:\Windows\system32\drivers\MSKSSRV.sys                                                                                                              [MANUAL] MSKSSRV
Service         C:\Windows\system32\drivers\MSPCLOCK.sys                                                                                                             [MANUAL] MSPCLOCK
Service         C:\Windows\system32\drivers\MSPQM.sys                                                                                                                [MANUAL] MSPQM
Service         C:\Windows\system32\drivers\MsRPC.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation SIGNED)(2010-01-09 13:04:27)                      [MANUAL] MsRPC
Service         C:\Windows\system32\msscntrs.dll                                                                                                                     MSSCNTRS
Service         C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10)                           [MANUAL] mssmbios
Service         C:\Windows\system32\sqlctr90.dll                                                                                                                     [AUTO] MSSQL$MSSMLBIZ
Service         c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe                                                                                       [DISABLED] MSSQLServerADHelper
Service         C:\Windows\system32\drivers\MSTEE.sys                                                                                                                [MANUAL] MSTEE
Service         C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:47)                                 [BOOT] Mup
Service         C:\Windows\system32\qagentRT.dll                                                                                                                     [MANUAL] napagent
Service         C:\Windows\system32\DRIVERS\nwifi.sys                                                                                                                [MANUAL] NativeWifiP
Service         C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:54)                                     [BOOT] NDIS
Service         C:\Windows\system32\DRIVERS\ndistapi.sys                                                                                                             [MANUAL] NdisTapi
Service         C:\Windows\system32\DRIVERS\ndisuio.sys                                                                                                              [MANUAL] Ndisuio
Service         C:\Windows\system32\DRIVERS\ndiswan.sys                                                                                                              [MANUAL] NdisWan
Service         C:\Windows\system32\drivers\NDProxy.sys                                                                                                              [MANUAL] NDProxy
Service         C:\Windows\system32\HPZinw12.dll                                                                                                                     [AUTO] Net Driver HPZ12
Service         C:\Windows\system32\DRIVERS\netbios.sys                                                                                                              [SYSTEM] NetBIOS
Service         C:\Windows\System32\DRIVERS\netbt.sys                                                                                                                [SYSTEM] netbt
Service         C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                                   [MANUAL] Netlogon
Service         C:\Windows\System32\netman.dll                                                                                                                       [MANUAL] Netman
Service         C:\Windows\System32\netprofm.dll                                                                                                                     [AUTO] netprofm
Service         C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe                                                               [DISABLED] NetTcpPortSharing
Service         C:\Windows\system32\drivers\nfrd960.sys                                                                                                              [DISABLED] nfrd960
Service         C:\Windows\System32\nlasvc.dll                                                                                                                       [AUTO] NlaSvc
Service         C:\Windows\system32\drivers\Npfs.sys (NPFS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:14)                                                 [SYSTEM] Npfs
Service         C:\Windows\system32\nsisvc.dll                                                                                                                       [AUTO] nsi
Service         C:\Windows\system32\drivers\nsiproxy.sys                                                                                                             [SYSTEM] nsiproxy
Service                                                                                                                                                              NTDS
Service         C:\Windows\system32\drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:07:38)                                       [MANUAL] Ntfs
Service         C:\Windows\system32\drivers\ntrigdigi.sys                                                                                                            [DISABLED] ntrigdigi
Service         C:\Windows\system32\drivers\Null.sys (NULL Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38)                                                 [SYSTEM] Null
Service         C:\Windows\system32\drivers\nvraid.sys                                                                                                               [DISABLED] nvraid
Service         C:\Windows\system32\drivers\nvstor.sys                                                                                                               [DISABLED] nvstor
Service         C:\Windows\system32\drivers\nv_agp.sys                                                                                                               [MANUAL] nv_agp
Service         system32\DRIVERS\nwlnkflt.sys                                                                                                                        [MANUAL] NwlnkFlt
Service         system32\DRIVERS\nwlnkfwd.sys                                                                                                                        [MANUAL] NwlnkFwd
Service         C:\Windows\system32\DRIVERS\ohci1394.sys                                                                                                             [MANUAL] ohci1394
Service         C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE                                                                                 [MANUAL] ose
Service         C:\Windows\system32\p2psvc.dll                                                                                                                       [MANUAL] p2pimsvc
Service         C:\Windows\system32\p2psvc.dll                                                                                                                       [MANUAL] p2psvc
Service         C:\Windows\system32\DRIVERS\parport.sys                                                                                                              [MANUAL] Parport
Service         C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:44)                              [BOOT] partmgr
Service         C:\Windows\system32\DRIVERS\parvdm.sys                                                                                                               [AUTO] Parvdm
Service         C:\Windows\System32\pcasvc.dll                                                                                                                       [AUTO] PcaSvc
Service         C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:05:54)                              [BOOT] pci
Service         C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:02)                                [BOOT] pciide
Service         C:\Windows\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:50)                                         [BOOT] pcmcia
Service         C:\Program Files\PDF Complete\pdfsvc.exe                                                                                                             [AUTO] pdfcDispatcher
Service         C:\Windows\System32\Drivers\PDNMp50.sys                                                                                                              [MANUAL] PDNMp50
Service         C:\Windows\System32\Drivers\PDNSp50.sys                                                                                                              [MANUAL] PDNSp50
Service         C:\Windows\system32\drivers\peauth.sys                                                                                                               [AUTO] PEAUTH
Service         C:\Windows\system32\perfdisk.dll                                                                                                                     PerfDisk
Service         C:\Windows\system32\perfnet.dll                                                                                                                      PerfNet
Service         C:\Windows\system32\perfos.dll                                                                                                                       PerfOS
Service         C:\Windows\system32\perfproc.dll                                                                                                                     PerfProc
Service         C:\Windows\system32\pla.dll                                                                                                                          [MANUAL] pla
Service         C:\Windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation SIGNED)(2010-01-09 13:05:34)                                 [AUTO] PlugPlay
Service         C:\Windows\system32\HPZipm12.dll                                                                                                                     [AUTO] Pml Driver HPZ12
Service         C:\Windows\system32\p2psvc.dll                                                                                                                       [MANUAL] PNRPAutoReg
Service         C:\Windows\system32\p2psvc.dll                                                                                                                       [MANUAL] PNRPsvc
Service         C:\Windows\System32\ipsecsvc.dll                                                                                                                     [AUTO] PolicyAgent
Service                                                                                                                                                              PortProxy
Service         C:\Windows\system32\DRIVERS\raspptp.sys                                                                                                              [MANUAL] PptpMiniport
Service         C:\Windows\system32\drivers\processr.sys                                                                                                             [DISABLED] Processor
Service         C:\Windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation SIGNED)(2010-01-09 13:04:49)                                                          [AUTO] ProfSvc
Service         C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                                   [MANUAL] ProtectedStorage
Service         C:\Windows\system32\pacerprf.dll                                                                                                                     [SYSTEM] PSched
Service         C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)(2006-07-24 01:00:00)                          [BOOT] PxHelp20
Service         C:\Windows\system32\drivers\ql2300.sys                                                                                                               [DISABLED] ql2300
Service         C:\Windows\system32\drivers\ql40xx.sys                                                                                                               [DISABLED] ql40xx
Service         C:\Windows\system32\qwave.dll                                                                                                                        [MANUAL] QWAVE
Service         C:\Windows\system32\drivers\qwavedrv.sys                                                                                                             [MANUAL] QWAVEdrv
Service         C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                             [MANUAL] R300
Service         C:\Windows\System32\DRIVERS\rasacd.sys                                                                                                               [SYSTEM] RasAcd
Service         C:\Windows\System32\rasauto.dll                                                                                                                      [MANUAL] RasAuto
Service         C:\Windows\system32\DRIVERS\rasl2tp.sys                                                                                                              [MANUAL] Rasl2tp
Service         C:\Windows\System32\rasmans.dll                                                                                                                      [MANUAL] RasMan
Service         C:\Windows\system32\DRIVERS\raspppoe.sys                                                                                                             [MANUAL] RasPppoe
Service         C:\Windows\system32\DRIVERS\rassstp.sys                                                                                                              [MANUAL] RasSstp
Service         C:\Windows\system32\DRIVERS\rdbss.sys                                                                                                                [SYSTEM] rdbss
Service         C:\Windows\System32\DRIVERS\RDPCDD.sys                                                                                                               [SYSTEM] RDPCDD
Service                                                                                                                                                              RDPDD
Service         C:\Windows\system32\drivers\rdpdr.sys                                                                                                                [DISABLED] rdpdr
Service         C:\Windows\system32\drivers\rdpencdd.sys                                                                                                             [SYSTEM] RDPENCDD
Service                                                                                                                                                              RDPNP
Service         C:\Windows\system32\drivers\RDPWD.sys                                                                                                                [MANUAL] RDPWD
Service         C:\Windows\System32\mprdim.dll                                                                                                                       [DISABLED] RemoteAccess
Service         C:\Windows\system32\regsvc.dll                                                                                                                       [MANUAL] RemoteRegistry
Service         C:\Windows\system32\DRIVERS\rfcomm.sys                                                                                                               [MANUAL] RFCOMM
Service         c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe                                                                             [MANUAL] RoxMediaDB9
Service         C:\Windows\system32\locator.exe                                                                                                                      [MANUAL] RpcLocator
Service         C:\Windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation SIGNED)(2009-04-16 06:35:46)                                           [AUTO] RpcSs
Service         C:\Windows\system32\DRIVERS\rspndr.sys                                                                                                               [AUTO] rspndr
Service         C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01)                                   [AUTO] SamSs
Service         C:\Windows\system32\drivers\sbp2port.sys                                                                                                             [DISABLED] sbp2port
Service         C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe                                                                                              [AUTO] SBSDWSCService
Service         C:\Windows\System32\SCardSvr.dll                                                                                                                     [MANUAL] SCardSvr
Service         C:\Windows\system32\schedsvc.dll                                                                                                                     [AUTO] Schedule
Service         C:\Windows\System32\certprop.dll                                                                                                                     [MANUAL] SCPolicySvc
Service         C:\Windows\system32\DRIVERS\sdbus.sys                                                                                                                [DISABLED] sdbus
Service         C:\Windows\System32\SDRSVC.dll                                                                                                                       [MANUAL] SDRSVC
Service         C:\Windows\system32\drivers\secdrv.sys                                                                                                               [AUTO] secdrv
Service         C:\Windows\system32\seclogon.dll                                                                                                                     [AUTO] seclogon
Service         C:\Windows\System32\sens.dll                                                                                                                         [AUTO] SENS
Service         C:\Windows\system32\drivers\serenum.sys                                                                                                              [MANUAL] Serenum
Service         C:\Windows\system32\drivers\serial.sys                                                                                                               [DISABLED] Serial
Service         C:\Windows\system32\drivers\sermouse.sys                                                                                                             [DISABLED] sermouse
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    ServiceModelEndpoint 3.0.0.0
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    ServiceModelOperation 3.0.0.0
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    ServiceModelService 3.0.0.0
Service         C:\Windows\system32\sessenv.dll                                                                                                                      [MANUAL] SessionEnv
Service         C:\Windows\system32\drivers\sffdisk.sys                                                                                                              [DISABLED] sffdisk
Service         C:\Windows\system32\drivers\sffp_mmc.sys                                                                                                             [MANUAL] sffp_mmc
Service         C:\Windows\system32\drivers\sffp_sd.sys                                                                                                              [MANUAL] sffp_sd
Service         C:\Windows\system32\drivers\sfloppy.sys                                                                                                              [DISABLED] sfloppy
Service         C:\Windows\System32\ipnathlp.dll                                                                                                                     [DISABLED] SharedAccess
Service         C:\Windows\System32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation SIGNED)(2011-03-06 18:02:43)                                        [AUTO] ShellHWDetection
Service         C:\Windows\system32\drivers\sisagp.sys                                                                                                               [MANUAL] sisagp
Service         C:\Windows\system32\drivers\sisraid2.sys                                                                                                             [DISABLED] SiSRaid2
Service         C:\Windows\system32\drivers\sisraid4.sys                                                                                                             [DISABLED] SiSRaid4
Service         C:\Program Files\Skype\Updater\Updater.exe                                                                                                           [AUTO] SkypeUpdate
Service         C:\Windows\system32\SLsvc.exe                                                                                                                        [AUTO] slsvc
Service         C:\Windows\system32\SLUINotify.dll                                                                                                                   [MANUAL] SLUINotify
Service         C:\Windows\system32\DRIVERS\smb.sys                                                                                                                  [SYSTEM] Smb
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    SMSvcHost 3.0.0.0
Service         C:\Windows\system32\NETFXPerf.dll                                                                                                                    SMSvcHost 4.0.0.0
Service         C:\Windows\System32\snmptrap.exe                                                                                                                     [MANUAL] SNMPTRAP
Service         C:\Windows\system32\drivers\spldr.sys                                                                                                                [BOOT] spldr
Service         C:\Windows\system32\winspool.drv                                                                                                                     [AUTO] Spooler
Service         c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe                                                                                       [AUTO] SQLBrowser
Service         c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe                                                                                        [AUTO] SQLWriter
Service         C:\Windows\System32\DRIVERS\srv.sys                                                                                                                  [MANUAL] srv
Service         C:\Windows\System32\DRIVERS\srv2.sys                                                                                                                 [MANUAL] srv2
Service         C:\Windows\System32\DRIVERS\srvnet.sys                                                                                                               [MANUAL] srvnet
Service         C:\Windows\System32\ssdpsrv.dll                                                                                                                      [MANUAL] SSDPSRV
Service         C:\Windows\system32\DRIVERS\ssmdrv.sys                                                                                                               [SYSTEM] ssmdrv
Service         C:\Windows\system32\sstpsvc.dll                                                                                                                      [MANUAL] SstpSvc
Service         C:\Windows\System32\wiaservc.dll                                                                                                                     [AUTO] stisvc
Service         c:\Program Files\Common Files\SureThing Shared\stllssvr.exe                                                                                          [MANUAL] stllssvr
Service         C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:45)                  [MANUAL] swenum
Service         C:\Windows\System32\swprv.dll                                                                                                                        [MANUAL] swprv
Service         C:\Windows\system32\drivers\symc8xx.sys                                                                                                              [DISABLED] Symc8xx
Service         C:\Windows\system32\drivers\sym_hi.sys                                                                                                               [DISABLED] Sym_hi
Service         C:\Windows\system32\drivers\sym_u3.sys                                                                                                               [DISABLED] Sym_u3
Service         C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc. SIGNED)(2007-01-12 13:59:02)                                        [MANUAL] SynTP
Service         C:\Windows\system32\sysmain.dll                                                                                                                      [AUTO] SysMain
Service         C:\Windows\System32\TabSvc.dll                                                                                                                       [AUTO] TabletInputService
Service         C:\Windows\System32\tapisrv.dll                                                                                                                      [MANUAL] TapiSrv
Service         C:\Windows\System32\tbssvc.dll                                                                                                                       [AUTO] TBS
Service         C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe                                                                                           [AUTO] TBSrv
Service         C:\Windows\system32\Perfctrs.dll                                                                                                                     [BOOT] Tcpip
Service         C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation SIGNED)(2010-12-26 05:40:45)                                              [MANUAL] Tcpip6
Service         C:\Windows\System32\drivers\tcpipreg.sys                                                                                                             [AUTO] tcpipreg
Service         C:\Windows\system32\drivers\tdpipe.sys                                                                                                               [MANUAL] TDPIPE
Service         C:\Windows\system32\drivers\tdtcp.sys                                                                                                                [MANUAL] TDTCP
Service         C:\Windows\system32\DRIVERS\tdx.sys                                                                                                                  [SYSTEM] tdx
Service         C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33)                                    [SYSTEM] TermDD
Service         C:\Windows\System32\termsrv.dll                                                                                                                      [AUTO] TermService
Service         C:\Windows\system32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation SIGNED)(2011-03-06 18:02:43)                                        [AUTO] Themes
Service         C:\Windows\system32\mmcss.dll                                                                                                                        [MANUAL] THREADORDER
Service         C:\Windows\system32\drivers\tpm.sys                                                                                                                  [MANUAL] TPM
Service         C:\Windows\System32\trkwks.dll                                                                                                                       [AUTO] TrkWks
Service         C:\Windows\servicing\TrustedInstaller.exe                                                                                                            [MANUAL] TrustedInstaller
Service                                                                                                                                                              TSDDD
Service         C:\Windows\System32\DRIVERS\tssecsrv.sys                                                                                                             [MANUAL] tssecsrv
Service         C:\Windows\system32\DRIVERS\tunmp.sys                                                                                                                [MANUAL] tunmp
Service         C:\Windows\system32\DRIVERS\tunnel.sys                                                                                                               [MANUAL] tunnel
Service         C:\Windows\system32\drivers\uagp35.sys                                                                                                               [MANUAL] uagp35
Service         C:\Windows\system32\DRIVERS\udfs.sys                                                                                                                 [DISABLED] udfs
Service         C:\Windows\system32\msscntrs.dll                                                                                                                     UGatherer
Service         C:\Windows\system32\msscntrs.dll                                                                                                                     UGTHRSVC
Service         C:\Windows\system32\UI0Detect.exe                                                                                                                    [MANUAL] UI0Detect
Service         C:\Windows\system32\drivers\uliagpkx.sys                                                                                                             [MANUAL] uliagpkx
Service         C:\Windows\system32\drivers\uliahci.sys                                                                                                              [DISABLED] uliahci
Service         C:\Windows\system32\drivers\ulsata.sys                                                                                                               [DISABLED] UlSata
Service         C:\Windows\system32\drivers\ulsata2.sys                                                                                                              [DISABLED] ulsata2
Service         C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:50)                                   [MANUAL] umbus
Service         C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe                                                                                           [AUTO] UMVPFSrv
Service         C:\Windows\System32\upnphost.dll                                                                                                                     [AUTO] upnphost
Service                                                                                                                                                              usb
Service         C:\Windows\system32\drivers\usbaudio.sys                                                                                                             [MANUAL] usbaudio
Service         C:\Windows\system32\DRIVERS\usbccgp.sys                                                                                                              [MANUAL] usbccgp
Service         C:\Windows\system32\drivers\usbcir.sys                                                                                                               [DISABLED] usbcir
Service         C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:54)                                [MANUAL] usbehci
Service         C:\Windows\system32\usbperf.dll                                                                                                                      [MANUAL] usbhub
Service         C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:49)                                 [MANUAL] usbohci
Service         C:\Windows\system32\DRIVERS\usbprint.sys                                                                                                             [MANUAL] usbprint
Service         C:\Windows\system32\DRIVERS\usbscan.sys                                                                                                              [MANUAL] usbscan
Service         C:\Windows\system32\DRIVERS\USBSTOR.SYS                                                                                                              [MANUAL] USBSTOR
Service         C:\Windows\system32\DRIVERS\usbuhci.sys                                                                                                              [DISABLED] usbuhci
Service         C:\Windows\System32\Drivers\usbvideo.sys                                                                                                             [MANUAL] usbvideo
Service         C:\Windows\System32\uxsms.dll                                                                                                                        [AUTO] UxSms
Service         C:\Windows\System32\vds.exe                                                                                                                          [MANUAL] vds
Service         C:\Windows\system32\DRIVERS\vgapnp.sys                                                                                                               [MANUAL] vga
Service         C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38)                                   [SYSTEM] VgaSave
Service         C:\Windows\system32\drivers\viaagp.sys                                                                                                               [MANUAL] viaagp
Service         C:\Windows\system32\drivers\viac7.sys                                                                                                                [DISABLED] ViaC7
Service         C:\Windows\system32\drivers\viaide.sys                                                                                                               [DISABLED] viaide
Service         C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:05)                                     [BOOT] volmgr
Service         C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:50)                          [BOOT] volmgrx
Service         C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:29)                                [BOOT] volsnap
Service         C:\Windows\system32\drivers\vsmraid.sys                                                                                                              [DISABLED] vsmraid
Service         C:\Windows\system32\vssvc.exe                                                                                                                        [MANUAL] VSS
Service         C:\Windows\system32\w32time.dll                                                                                                                      [AUTO] W32Time
Service                                                                                                                                                              W3SVC
Service         C:\Windows\system32\drivers\wacompen.sys                                                                                                             [DISABLED] WacomPen
Service         C:\Windows\system32\DRIVERS\wanarp.sys                                                                                                               [MANUAL] Wanarp
Service         C:\Windows\system32\DRIVERS\wanarp.sys                                                                                                               [SYSTEM] Wanarpv6
Service         C:\Windows\System32\wcncsvc.dll                                                                                                                      [MANUAL] wcncsvc
Service         C:\Windows\System32\WcsPlugInService.dll                                                                                                             [MANUAL] WcsPlugInService
Service         C:\Windows\system32\drivers\wd.sys                                                                                                                   [DISABLED] Wd
Service         C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation SIGNED)(2010-01-09 13:05:50)                                             [BOOT] Wdf01000
Service         C:\Windows\system32\wdi.dll                                                                                                                          [MANUAL] WdiServiceHost
Service         C:\Windows\system32\wdi.dll                                                                                                                          [MANUAL] WdiSystemHost
Service         C:\Windows\System32\webclnt.dll                                                                                                                      [AUTO] WebClient
Service         C:\Windows\system32\wecsvc.dll                                                                                                                       [MANUAL] Wecsvc
Service         C:\Windows\System32\wercplsupport.dll                                                                                                                [MANUAL] wercplsupport
Service         C:\Windows\System32\WerSvc.dll                                                                                                                       [AUTO] WerSvc
Service         C:\Windows\system32\DRIVERS\wimfltr.sys                                                                                                              [MANUAL] WimFltr
Service         C:\Windows\system32\DRIVERS\VSTCNXT3.SYS                                                                                                             [MANUAL] winachsf
Service         C:\Program Files\Windows Defender\mpsvc.dll (Service Module/Microsoft Corporation SIGNED)(2010-01-09 13:06:52)                                       [AUTO] WinDefend
Service         C:\Windows\system32\netfxperf.dll                                                                                                                    Windows Workflow Foundation 3.0.0.0
Service         C:\Windows\system32\winhttp.dll (Windows HTTP Services/Microsoft Corporation SIGNED)(2009-12-09 09:21:46)                                            [MANUAL] WinHttpAutoProxySvc
Service         C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30)                                [AUTO] Winmgmt
Service         C:\Windows\system32\WsmSvc.dll                                                                                                                       [MANUAL] WinRM
Service                                                                                                                                                              [MANUAL] Winsock
Service                                                                                                                                                              WinSock2
Service         C:\Windows\System32\wlansvc.dll                                                                                                                      [AUTO] Wlansvc
Service         C:\Windows\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation SIGNED)(2010-01-09 13:02:08)                    [MANUAL] WmiAcpi
Service         C:\Windows\system32\wbem\wmiaprpl.dll                                                                                                                WmiApRpl
Service         C:\Windows\system32\wbem\WmiApSrv.exe                                                                                                                [MANUAL] wmiApSrv
Service         C:\Program Files\Windows Media Player\wmpnetwk.exe                                                                                                   [MANUAL] WMPNetworkSvc
Service         C:\Windows\System32\wpcsvc.dll                                                                                                                       [MANUAL] WPCSvc
Service         C:\Windows\system32\wpdbusenum.dll                                                                                                                   [AUTO] WPDBusEnum
Service         C:\Windows\system32\DRIVERS\wpdusb.sys                                                                                                               [MANUAL] WpdUsb
Service         C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe                                                                             [MANUAL] WPFFontCache_v0400
Service         C:\Windows\system32\drivers\ws2ifsl.sys                                                                                                              [DISABLED] ws2ifsl
Service         C:\Windows\System32\wscsvc.dll                                                                                                                       [AUTO] wscsvc
Service         C:\Windows\system32\SearchIndexer.exe                                                                                                                [AUTO] WSearch
Service         C:\Windows\system32\tquery.dll                                                                                                                       WSearchIdxPi
Service         C:\Windows\system32\wuaueng.dll                                                                                                                      [AUTO] wuauserv
Service         C:\Windows\system32\DRIVERS\WUDFRd.sys                                                                                                               [MANUAL] WUDFRd
Service         C:\Windows\System32\WUDFSvc.dll                                                                                                                      [AUTO] wudfsvc
Service                                                                                                                                                              xmlprov
Service                                                                                                                                                              {19A0E323-5E02-423B-8DC8-904509560B31}
Service                                                                                                                                                              {59E5D54E-6C22-400B-ACBB-5AC2C581A5FF}
Service                                                                                                                                                              {8ABCFD18-449E-4B8B-8891-51A510458B29}

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f5daa9                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37057ed5                                                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)                                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641f5daa9 (not active ControlSet)                                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37057ed5 (not active ControlSet)                                                      

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
That is all I have in the way of log files for now.

Best regards and many thanks for the help...

Andreas


25.06.2014, 21:51   #6
Bootsektor
Rest in peace
† 2019

I am working on your topic and will get back to you with further instructions as soon as possible.

Thank you for your patience

25.06.2014, 22:41   #7
Bootsektor
Rest in peace
† 2019

Hello Quickslay,

Step 1
Please uninstall the following programs:
Conduit Engine
IncrediMail MediaBar 2 Toolbar

To do so, go to
Start --> Control Panel --> Programs --> Uninstall a program --> find the program in the list --> remove

If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.


Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Step 3
Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the resulting emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.

Step 4
Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




Step 5
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
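
Added example, not part of the post above and not code from FRST: a small Python check for the fix-then-rescan sequence in steps 2 and 5. It lists which security products the restriction lines target, confirms from the Fixlog that every requested entry was restored, and verifies that the rescan is newer than the fix and carries no remaining restrictions. The function names, the keyword list and the shortened sample logs are assumptions constructed in the line format of the logs in this thread.

```python
import re
from datetime import datetime

# Line formats as they appear in the FRST.txt and Fixlog.txt posted in this thread.
RESTRICTION_RE = re.compile(
    r"^(\S+) Group Policy restriction on software: (.+?)\s*<=+ ATTENTION", re.M)
RESTORED_RE = re.compile(
    r"^\S+ => Group Policy Restriction on software restored successfully\.", re.M)
SCAN_TS_RE = re.compile(r"^Ran by .+ on (\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})", re.M)
FIX_TS_RE = re.compile(r"^Ran by .+ at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})", re.M)

# Assumption: keyword list seeded from the vendors named in this thread; extend as needed.
SECURITY_KEYWORDS = ("avira", "symantec", "malwarebytes")

# Constructed, shortened samples in the format of the logs in this thread.
SAMPLE_FRST = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Administrator (administrator) on JOSEF-PC on 23-06-2014 21:04:25
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
"""

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-28 13:17:46 Run:1
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
"""

# Constructed rescan taken after the fix (timestamp is made up for the example).
SAMPLE_RESCAN = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Administrator (administrator) on JOSEF-PC on 28-06-2014 13:30:00
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
"""


def parse_restrictions(log_text):
    """Return (hive, restricted_path) for every restriction line in an FRST log."""
    return [(m.group(1), m.group(2)) for m in RESTRICTION_RE.finditer(log_text)]


def security_targets(restrictions):
    """Group restricted paths by the security-product keyword they contain."""
    hits = {}
    for _hive, path in restrictions:
        for keyword in SECURITY_KEYWORDS:
            if keyword in path.lower():
                hits.setdefault(keyword, []).append(path)
    return hits


def _timestamp(regex, text, fmt, what):
    match = regex.search(text)
    if match is None:
        raise ValueError(f"no {what} timestamp found in log")
    return datetime.strptime(match.group(1), fmt)


def check_fix(fixlog_text, rescan_text):
    """Compare a Fixlog.txt with the FRST.txt that is supposed to confirm it."""
    requested = parse_restrictions(fixlog_text)
    restored = len(RESTORED_RE.findall(fixlog_text))
    fix_time = _timestamp(FIX_TS_RE, fixlog_text, "%Y-%m-%d %H:%M:%S", "fix")
    scan_time = _timestamp(SCAN_TS_RE, rescan_text, "%d-%m-%Y %H:%M:%S", "scan")
    return {
        # Every entry echoed under "Content of fixlist" has a success line.
        "all_restored": bool(requested) and restored == len(requested),
        # A scan older than the fix says nothing about the state after the fix.
        "rescan_is_fresh": scan_time > fix_time,
        # Restrictions still listed in the rescan.
        "remaining": [path for _hive, path in parse_restrictions(rescan_text)],
    }


if __name__ == "__main__":
    print(security_targets(parse_restrictions(SAMPLE_FRST)))
    print(check_fix(SAMPLE_FIXLOG, SAMPLE_FRST))    # rescan predates the fix
    print(check_fix(SAMPLE_FIXLOG, SAMPLE_RESCAN))  # fresh rescan, nothing left
```

A rescan that is older than the Fixlog will still list the restrictions even when the fix succeeded, so `rescan_is_fresh` should be checked before reading anything into `remaining`.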

28.06.2014, 12:37   #8
Quickslay

Hello Sandra...

Many thanks for the help. Here are the results of the scans:

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-28 13:17:46 Run:1
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
MBRMastr.

Code:
Detected Windows version: 6.0 Build 6001 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x000000E8
1 valid drive(s) found.

Details for Disk 0 - TOSHIBA MK8037GSX Rev DL232C:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 9729/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : CBF91D75F68BD883DC9D9A98D85CB747B19B5171
    MD5                    : 97B45F8522380F396E142A324FDCBB82
         
FSS.txt

Code:
Farbar Service Scanner Version: 10-06-2014
Ran by Administrator (administrator) on 28-06-2014 at 13:23:33
Running from "C:\Users\Administrator\Desktop"
Windows Vista (TM) Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
Unable to retrieve ServiceDll of winmgmt. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Administrator (administrator) on JOSEF-PC on 23-06-2014 21:04:25
Running from C:\Users\Administrator\Downloads
Platform: Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Windows\System32\lpremove.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:07 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-23 21:04 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-23 21:03 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-23 20:47 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD

==================== One Month Modified Files and Folders =======

2014-06-23 21:07 - 2014-06-23 21:04 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:07 - 2007-11-25 21:09 - 01122012 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-23 21:03 - 2014-06-23 21:02 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-23 20:50 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 20:48 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:47 - 2014-06-22 15:22 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 19:04 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-22 19:04 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:42 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:49 - 2010-12-20 14:03 - 00000000 ____D () C:\Program Files\IncrediMail_MediaBar_2
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:37 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:47 - 2014-06-17 20:45 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 20:53

==================== End Of Log ============================
         
--- --- ---


So, that should be everything...

Best regards,

Andreas

28.06.2014, 22:30   #9
Bootsektor
Rest in peace
† 2019



Hello Quickslay,

you posted the old FRST log.

The MBR is clean, which is good.

Step 1
Download the attached file to the affected computer. Run it.

Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Reg: reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f
reboot:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen ("Fix") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 3
Please also post a log from Farbar's Service Scanner; you don't need to download it again.
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




Step 4
Please post a current FRST log
Attached files
File type: reg legacy_wscsvc.reg (866 bytes, viewed 224 times)

28.06.2014, 23:05   #10
Quickslay



Unfortunately, importing the attached file failed.

The following error message appears:

[Window Title]
Registrierungs-Editor

[Content]
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72RAZTNU\legacy_wscsvc[1].reg kann nicht importiert werden: Fehler beim Zugriff auf die Registrierung.

[OK]

28.06.2014, 23:12   #11
Bootsektor
Rest in peace
† 2019



Did you run it as administrator?

29.06.2014, 00:07   #12
Quickslay



I am logged in as admin. Other than that, I had no option to start it as admin.

Here are the logs:

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-29 00:34:06 Run:3
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Reg: reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f
reboot:

*****************


========= reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========



The system needed a reboot. 

==== End of Fixlog ====
         
FSS.txt

Code:
Farbar Service Scanner Version: 10-06-2014
Ran by Administrator (administrator) on 29-06-2014 at 00:51:22
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Administrator (administrator) on JOSEF-PC on 29-06-2014 00:53:42
Running from C:\Users\Administrator\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-29 00:28 - 2014-06-29 00:29 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-28 13:23 - 2014-06-29 00:51 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:18 - 2014-06-28 13:19 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 13:01 - 2014-06-28 13:10 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:24 - 2014-06-23 21:25 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:08 - 2014-06-23 21:13 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:06 - 2014-06-23 21:16 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-29 00:53 - 00016249 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-29 00:53 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-28 13:12 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-28 12:33 - 00000034 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-28 23:57 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD

==================== One Month Modified Files and Folders =======

2014-06-29 01:00 - 2014-06-23 21:04 - 00016249 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-29 00:53 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-29 00:52 - 2007-11-25 21:09 - 01252183 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 00:51 - 2014-06-28 13:23 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-29 00:51 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 00:51 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 00:46 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 00:45 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 00:39 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-29 00:38 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-29 00:29 - 2014-06-29 00:28 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-29 00:01 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 23:57 - 2014-06-22 15:22 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:19 - 2014-06-28 13:18 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:12 - 2014-06-23 21:02 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-28 13:10 - 2014-06-28 13:01 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 12:33 - 2014-06-22 15:47 - 00000034 _____ () C:\Windows\setupact.log
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:25 - 2014-06-23 21:24 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:25 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-23 21:16 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:13 - 2014-06-23 21:08 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:47 - 2014-06-17 20:45 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 00:55

==================== End Of Log ============================
         


That was it....

30.06.2014, 00:18   #13
Bootsektor
Rest in peace
† 2019

Hello Quickslay,

the FSS log looks good.

How is the computer running now?

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Then click Scan (Suchlauf), select Threat Scan (Bedrohungssuchlauf) and click Scan Now (Suchlauf jetzt starten).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Apply Actions (Aktionen anwenden).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click View (Ansicht). Choose Export (Exportieren) to text file (.txt) and save the file as mbam.txt on the desktop.
  • Include the contents of mbam.txt in your next reply.


Step 3
Because the ESET scan is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 4
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.
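
Added example, not part of the original post and not FRST's own code: a Python check for Step 1 that reconciles a fixlist against the Fixlog it produces and reports every entry that was not confirmed as removed. The sample input is constructed; the success wording ("=> Moved successfully.", "=> value deleted successfully.") follows the Fixlog posted later in this thread, and treating any other status as unconfirmed is an assumption.

```python
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# FRST file/folder line: created - modified - size attributes (company) path
FILE_LINE = re.compile("^" + TS + " - " + TS + r" - \d+ \S+ \(.*?\) (?P<path>[A-Za-z]:\\.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
# Fixlog result line: target => status (registry keys may be single-quoted)
RESULT = re.compile(r"^'?(?P<target>.+?)'? => (?P<status>.+)$")


def fixlist_targets(fixlist):
    """Return the lower-cased path or CLSID each fixlist line asks FRST to handle."""
    targets = []
    for line in fixlist.splitlines():
        line = line.strip()
        if not line:
            continue
        file_match = FILE_LINE.match(line)
        clsid = CLSID.search(line)
        if file_match:
            targets.append(file_match.group("path").lower())
        elif line.startswith("Toolbar:") and clsid:
            # Registry entries are keyed by CLSID, so HKLM and HKCU entries
            # for the same toolbar collapse into one target.
            targets.append(clsid.group(0).lower())
        elif BARE_PATH.match(line):
            targets.append(line.lower())
        else:
            targets.append("unparsed: " + line)
    return list(dict.fromkeys(targets))  # de-duplicate, keep order


def fixlog_results(fixlog):
    """Map each target in the Fixlog result section to its list of statuses."""
    lines = fixlog.splitlines()
    # The Fixlog echoes the fixlist between two rows of asterisks;
    # the results start after the second row.
    stars = [i for i, l in enumerate(lines) if set(l.strip()) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    results = {}
    for line in lines[start:]:
        match = RESULT.match(line.strip())
        if not match:
            continue
        target = match.group("target")
        clsid = CLSID.search(target)
        if target.upper().startswith("HK") and clsid:
            key = clsid.group(0).lower()
        else:
            key = target.lower()
        results.setdefault(key, []).append(match.group("status"))
    return results


def reconcile(fixlist, fixlog):
    """Classify every fixlist target as confirmed, not confirmed or missing."""
    results = fixlog_results(fixlog)
    report = {}
    for target in fixlist_targets(fixlist):
        statuses = results.get(target)
        if not statuses:
            report[target] = "missing"          # no result line at all
        elif all(s.rstrip(".").endswith("successfully") for s in statuses):
            report[target] = "confirmed"
        else:
            report[target] = "not confirmed"    # assumption: anything else needs review
    return report


# Constructed sample in the line formats shown in this thread (not real data).
FIXLIST = r"""Toolbar: HKLM - Example Toolbar - {11111111-2222-3333-4444-555555555555} - C:\Users\Test\AppData\LocalLow\Example\tb.dll (Example Ltd.)
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\ExampleBar
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\EXAMPLE-1-F.txt
C:\Users\Test\AppData\Local\Temp\ExampleEngine.dll
"""

FIXLOG = "Content of fixlist:\n*****************\n" + FIXLIST + "\n*****************\n\n" + r"""HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{11111111-2222-3333-4444-555555555555} => value deleted successfully.
'HKCR\CLSID\{11111111-2222-3333-4444-555555555555}' => Key deleted successfully.
C:\Program Files\ExampleBar => Moved successfully.
C:\ProgramData\EXAMPLE-1-F.txt => (constructed non-success status)

==== End of Fixlog ====
"""

if __name__ == "__main__":
    for target, state in reconcile(FIXLIST, FIXLOG).items():
        print(f"{state:14} {target}")
```

Entries reported as "missing" or "not confirmed" are the ones to look for again in the follow-up FRST scan from Step 4.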

30.06.2014, 19:07   #14
Quickslay

In my opinion the system is still running rather sluggishly (it did that before too), but considerably faster than before.

Here are the new log files...

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-30 15:50:15 Run:4
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => value deleted successfully.
'HKCR\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => value deleted successfully.
'HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}' => Key deleted successfully.
C:\Users\Administrator\AppData\Local\Conduit => Moved successfully.
C:\Program Files\Tbccint => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3472-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3752-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3380-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3368-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3544-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3628-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3584-F.txt => Moved successfully.
C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll => Moved successfully.

==== End of Fixlog ====
         
With MBAM, the program always crashes on me when exporting the log. Is there another way to get at the log? Strangely, the log is also empty inside the program...

I have started the ESET Online Scanner... let's see how long it takes. I will post the log straight afterwards...

Best regards

Andreas

Eset Online Scanner Log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=13d4f8e29d68b946ae4c006107319d0b
# engine=18953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-30 04:52:09
# local_time=2014-06-30 06:52:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 152053 241679901 0 0
# scanned=200587
# found=10
# cleaned=0
# scan_time=6364
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1861927244-2452785755-924389474-500\$RXL271E.dll"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1861927244-2452785755-924389474-500\$RYOSN3N.dll"
sh=FDF4ADB3654AC8E84A67513864636A36359C2B31 ft=1 fh=ef83010defedbcf7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Tbccint\ToolbarService\ToolbarService.exe"
sh=93292B6DBC58611C49FA64A41C6C42ECD4F64A5F ft=1 fh=4b88797ea918e26b vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Conduit\Community Alerts\Alert.dll"
sh=FCD354F950BB5C0F50727B05E66468E47DE37704 ft=1 fh=17a42d112428317d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Conduit\CT2724386\IncrediMail_MediaBar_2AutoUpdaterHelper.exe"
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll.xBAD"
sh=37FDC039C02562267559D42D94DDB64B692FD091 ft=1 fh=7aeecd1bb81f6a22 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\hk64tbInc0.dll"
sh=A6D053127826CDA8DD8FCDBB4E81F63000910624 ft=1 fh=e8f05c501331b563 vn="möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\hktbInc0.dll"
sh=7148AC44C7FE0CB8D30A12ACB28171AE1F609C20 ft=1 fh=779162af1796b620 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc0.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
         
FRST.txt


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Administrator (administrator) on JOSEF-PC on 30-06-2014 19:23:41
Running from C:\Users\Administrator\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 16:55 - 2014-06-30 16:55 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-06-30 16:04 - 2014-06-30 16:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 16:03 - 2014-06-30 16:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-30 16:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-30 16:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 16:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 15:56 - 2014-06-30 15:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 00:28 - 2014-06-29 00:29 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-28 13:23 - 2014-06-29 00:51 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:18 - 2014-06-28 13:19 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 13:01 - 2014-06-28 13:10 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:24 - 2014-06-23 21:25 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:08 - 2014-06-23 21:13 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:06 - 2014-06-23 21:16 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-30 19:23 - 00014940 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-30 19:23 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-28 13:12 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-28 12:33 - 00000034 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-28 23:57 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0

==================== One Month Modified Files and Folders =======

2014-06-30 19:25 - 2014-06-23 21:04 - 00014940 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-30 19:23 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-30 19:01 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 18:34 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 18:34 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 16:55 - 2014-06-30 16:55 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-06-30 16:52 - 2014-06-30 16:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 16:44 - 2007-11-25 21:09 - 01305339 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 16:37 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 16:34 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 16:32 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-30 16:32 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-30 16:03 - 2014-06-30 16:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-30 16:03 - 2011-01-12 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 15:57 - 2014-06-30 15:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 00:51 - 2014-06-28 13:23 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-29 00:29 - 2014-06-29 00:28 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-28 23:57 - 2014-06-22 15:22 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:19 - 2014-06-28 13:18 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:12 - 2014-06-23 21:02 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-28 13:10 - 2014-06-28 13:01 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 12:33 - 2014-06-22 15:47 - 00000034 _____ () C:\Windows\setupact.log
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:25 - 2014-06-23 21:24 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:25 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-23 21:16 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:13 - 2014-06-23 21:08 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 16:47

==================== End Of Log ============================
         
30.06.2014, 20:53   #15
Bootsektor
Rest in peace
† 2019



Quote:
Oddly enough, the log inside the program is empty as well...
You mean under History -> Application Logs?

Step 1
  • Start Malwarebytes
  • Now go to History at the top
  • On the left you will find the options Quarantine and Application Logs
  • Go to Application Logs
  • Find the most recent scan log there and select it
  • Now click View at the top; the log opens
  • At the bottom left there is Export; select it and click Text file
  • Now save the log as mbam.txt
  • Open the log with your text editor
  • Post the contents for me

If you don't find anything there, run another scan with Malwarebytes.

Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

