
Pests of all kinds and how to fight them: GMER reports "hidden rootkit activity" & computer slow


09.02.2013, 00:57   #1
help me
 

GMER reports "hidden rootkit activity" & computer slow



Hello dear Anti-Trojan Team,

since I am currently in the middle of reinstalling my PC (thanks again to Cosinus for the help!), I may now also have trouble with my netbook. It is relatively slow & Mozilla keeps stalling briefly (CPU often at 80-90% & memory full, but I only have 1 GB of RAM); the netbook was slower from the start, though.

Malwarebytes found nothing, but GMER reported "hidden rootkit activity". Do I now have to reinstall the laptop as well?

I have worked through the instructions; here are the logs:

Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
... :: NETBOOK [Administrator]

Schutz: Aktiviert

08.02.2013 17:25:29
mbam-log-2013-02-08 (17-25-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291574
Laufzeit: 2 Stunde(n), 34 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:

Code:
OTL logfile created on: 2/8/2013 10:38:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 441.98 Mb Available Physical Memory | 43.58% Memory free
2.99 Gb Paging File | 1.98 Gb Available in Paging File | 66.13% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.31 Gb Free Space | 70.39% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.04 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2013/02/05 14:59:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/06/09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 03:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 03:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/24 13:00:00 | 000,241,664 | ---- | M] () -- C:\Program Files\ZTE Join Air\AssistantServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/21 16:24:11 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/21 14:27:10 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/21 14:27:07 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/21 14:27:00 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/21 14:24:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/21 14:24:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/21 14:22:53 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/21 14:22:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/21 14:22:30 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/21 14:21:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/24 17:31:07 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/06/24 17:31:07 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/03/16 02:48:46 | 000,148,816 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/08 16:48:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 22:16:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/24 13:00:00 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/02/09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 03:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 03:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 03:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/04/09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbnet.sys -- (ZTEusbnet)
DRV - [2009/04/09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/04/09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/04/09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/04/09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/04/09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2005/06/13 09:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes,DefaultScope = {CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013/01/29 20:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/11/09 16:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2013/01/31 22:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions
[2012/10/16 16:44:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/05/19 09:20:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013/01/22 19:46:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\firefox@ghostery.com
[2013/01/31 10:36:39 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/31 22:54:06 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/06 22:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/29 20:09:28 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013/02/06 22:16:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1F17EB-9944-41B8-B902-3562B5878363}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF68EEF1-8832-40C0-A48F-CD51ED10B0FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030/01/01 22:36:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/02/08 17:16:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:10:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:47 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\pdfforge
[2013/02/08 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/02/06 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/05 16:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/05 16:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/29 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/29 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/01/29 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Secunia PSI
[2013/01/29 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/01/29 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2013/01/29 13:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/29 13:21:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/29 13:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Programs
[2013/01/29 12:59:20 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/01/24 14:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/08 22:47:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/08 22:23:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/08 17:28:45 | 013,562,257 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1017.zip
[2013/02/08 17:20:22 | 000,582,209 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:17:09 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:12:16 | 000,365,568 | ---- | M] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 12:31:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 12:31:55 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 12:24:00 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/02/08 12:23:14 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 18:08:14 | 000,644,310 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/05 18:08:14 | 000,607,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/05 18:08:14 | 000,126,580 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/05 18:08:14 | 000,103,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/05 16:25:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/05 13:30:54 | 000,002,286 | -H-- | M] () -- D:\...\Eigene Dokumente\Default.rdp
[2013/01/29 19:48:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:08 | 000,000,932 | ---- | M] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:40:33 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013/01/29 16:32:03 | 000,001,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 13:06:40 | 000,272,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/24 14:59:16 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
 
========== Files Created - No Company Name ==========
 
[2030/01/01 22:36:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/02/08 17:27:05 | 013,562,257 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1017.zip
[2013/02/08 17:19:52 | 000,582,209 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:12:10 | 000,365,568 | ---- | C] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 17:03:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2013/02/05 16:25:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 19:48:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:07 | 000,000,932 | ---- | C] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:42:41 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 16:32:03 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 16:32:03 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 12:51:22 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/29 12:49:51 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 14:59:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/24 14:59:16 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/03/30 18:13:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/30 18:13:10 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/01/19 19:48:26 | 000,061,678 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JPR.{PB
[2012/01/19 19:48:26 | 000,012,358 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JCM.{PB
[2011/12/14 10:48:47 | 000,065,536 | ---- | C] () -- C:\windows\System32\HPPLVS.dll
[2011/12/13 00:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/07 16:23:31 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ASUS WebStorage
[2011/02/04 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\E-Cam
[2012/02/03 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\FileZilla
[2011/12/30 01:42:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit Software
[2012/04/29 15:51:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IrfanView
[2011/12/13 13:37:35 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\JAM Software
[2013/02/08 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\pdfforge
[2013/02/08 02:39:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client
[2012/11/26 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Swiss Academic Software
[2011/02/04 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP
[2012/10/18 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\VoipDiscount
 
========== Purity Check ==========
 
 

< End of report >
         
OTL - Extras:

Code:
OTL Extras logfile created on: 2/8/2013 10:38:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 441.98 Mb Available Physical Memory | 43.58% Memory free
2.99 Gb Paging File | 1.98 Gb Available in Paging File | 66.13% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.31 Gb Free Space | 70.39% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.04 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03386B1F-803A-4186-8DA4-D323B4071C9E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{14A6C1E0-851E-4969-8896-F9441085CF6B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{205CE3F2-78DF-4DA9-8B46-609A5118BE24}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3DD939B7-AAB7-483E-95D7-6F9BDF2BB99A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4A6065F1-83C8-439B-BD83-70D2F82CB5C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C4CDE39-CBA8-4F93-838D-2580F67AB958}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{57369344-79A8-4092-A134-192392D9BCB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6B28C47A-0ED4-4307-BBFC-448C13181989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FE02CD4-B385-4CD8-85CD-7DE53C93BEB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93EF180A-DC0C-4C4B-B3E9-E79B0DEA3649}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF78E807-09D9-490A-BEDB-239192A3CE47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C164C7A6-7062-494A-ABE7-95A9FBC3D231}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CB34B017-5E1C-45A4-9040-36CDF7F601FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEB0A60B-5A38-4AF5-9BF8-A5DA11A05BF3}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1171A6D4-B8ED-4768-9E63-1879953FCAEE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"{286DC0BC-9132-4FB2-A61C-881DFE9BC8D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{391A479A-30B5-4C56-9C20-793828867B9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5BEACA52-A999-40E9-B412-B3321D83D6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6208F3D2-72B6-4990-B6F6-0D807A9C6F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A80E8CDB-97AC-4F17-9F03-52CB09ECF51F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC3252B4-E1F6-4A61-ADB3-8D2FD16877B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"TCP Query User{03FCA698-A1F5-4494-B668-728880C2E613}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"TCP Query User{77038D20-2671-4CCC-B213-A7DE7F183F1D}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"UDP Query User{AC10CA33-B936-4CE0-921B-AB47D8859A28}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"UDP Query User{D8B7EA4E-8324-4870-8EDD-16F508C435B3}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Edraw Mind Map_is1" = Edraw Mind Map V4
"Eee Docking_is1" = Eee Docking 3.7.0
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.6
"VLC media player" = VLC media player 2.0.5
"VoipDiscount_is1" = VoipDiscount
"Watermark Image_is1" = Watermark Image software version 2.1.4.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/21/2012 6:24:58 AM | Computer Name = Netbook | Source = Application Hang | ID = 1002
Description = Program PDFCreator.exe, version 1.2.0.3, stopped responding under Windows and was terminated. Check the problem history in the Action Center control panel for more information about the problem.    Process ID: 160c    Start time: 01cd97e306c78209    End time: 78    Application path: C:\Program Files\PDFCreator\PDFCreator.exe
Report ID: 8bb9a07f-03d6-11e2-914d-20cf3057c295
 
Error - 9/21/2012 11:02:10 AM | Computer Name = Netbook | Source = Application Error | ID = 1000
Description = Faulting application name: FOXIT READER.EXE, version: 5.1.3.1201, time stamp: 0x4ed6f47d  Faulting module name: COMCTL32.dll, version: 6.10.7601.17514, time stamp: 0x4ce7b71c  Exception code: 0xc0000409  Fault offset: 0x000ab772  Faulting process ID: 0x104c  Faulting application start time: 0x01cd9809f0b6161f  Faulting application path: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
Faulting module path: C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
Report ID: 50d7231b-03fd-11e2-914d-20cf3057c295
 
Error - 10/17/2012 6:33:11 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 10/24/2012 9:44:35 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  The action could not be completed. Try again. If the problem persists, contact Microsoft Product Support.
 
Error - 10/25/2012 8:13:41 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: 
 
Error - 11/24/2012 9:10:46 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/26/2012 7:40:28 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: 
 
Error - 11/27/2012 4:57:33 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/28/2012 3:59:09 PM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/29/2012 9:51:47 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Information only.  The action could not be completed. Try again. If the problem persists, contact Microsoft Product Support.
 
[ System Events ]
Error - 2/7/2013 5:28:02 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the LanmanServer service.
 
Error - 2/7/2013 5:28:32 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the BITS service.
 
Error - 2/7/2013 5:28:32 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7000
Description = The "Background Intelligent Transfer Service" service failed to start due to the following error:   %%1053
 
Error - 2/7/2013 5:29:47 AM | Computer Name = Netbook | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 2/7/2013 7:26:58 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error - 2/7/2013 5:10:53 PM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   cdrom
 
Error - 2/8/2013 7:24:45 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   cdrom
 
Error - 2/8/2013 8:38:22 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.
 
Error - 2/8/2013 8:38:22 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the lmhosts service.
 
Error - 2/8/2013 9:16:55 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.
 
 
< End of report >
         
GMER:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-09 00:12:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002 149,05GB
Running: 2) gmer_2.0.18454.exe; Driver: C:\Users\...\AppData\Local\Temp\uwrdqpog.sys


---- System - GMER 2.0 ----

SSDT     87B30B06   ZwCreateSection
SSDT     87B30B10   ZwRequestWaitReplyPort
SSDT     87B30B0B   ZwSetContextThread
SSDT     87B30B15   ZwSetSecurityObject
SSDT     87B30B1A   ZwSystemDebugControl
SSDT     87B30AA7   ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text    ntkrnlpa.exe!ZwRollbackEnlistment + 140D   81C50A49 1 Byte  [06]
.text    ntkrnlpa.exe!KiDispatchInterrupt + 5A2     81C8A4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 11F7        81C9162C 4 Bytes  [06, 0B, B3, 87]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1553        81C91988 4 Bytes  [10, 0B, B3, 87] {ADC [EBX], CL; MOV BL, 0x87}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1597        81C919CC 4 Bytes  [0B, 0B, B3, 87] {OR ECX, [EBX]; MOV BL, 0x87}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1613        81C91A48 4 Bytes  [15, 0B, B3, 87]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1667        81C91A9C 4 Bytes  JMP B30B1A81
.text    ...

---- User code sections - GMER 2.0 ----

.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtClose   770254C8 5 Bytes  JMP 6A4BFFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtCreateFile   770255C8 5 Bytes  JMP 6A4BEC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtCreateKey   77025608 5 Bytes  JMP 6A4BB6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteFile   77025808 5 Bytes  JMP 6A4BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteKey   77025818 5 Bytes  JMP 6A4BAF5D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteValueKey   77025848 5 Bytes  JMP 6A4BB220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDuplicateObject   77025898 5 Bytes  JMP 6A4C0096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtEnumerateKey   770258E8 5 Bytes  JMP 6A4BB001 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtEnumerateValueKey   77025918 5 Bytes  JMP 6A4BB17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtFlushKey   77025988 5 Bytes  JMP 6A4BAFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtNotifyChangeKey   77025C68 5 Bytes  JMP 6A4BB2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtNotifyChangeMultipleKeys   77025C78 5 Bytes  JMP 6A4BB35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenFile   77025CD8 5 Bytes  JMP 6A4BEE21 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenKey   77025D08 5 Bytes  JMP 6A4BB5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenKeyEx   77025D18 5 Bytes  JMP 6A4BB660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryAttributesFile   77025F38 5 Bytes  JMP 6A4BEB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryDirectoryFile   77025F98 5 Bytes  JMP 6A4BD81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryFullAttributesFile   77025FE8 5 Bytes  JMP 6A4BEB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryKey   770260E8 5 Bytes  JMP 6A4BB054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryMultipleValueKey   77026108 5 Bytes  JMP 6A4BB27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryObject   77026128 5 Bytes  JMP 6A4C00EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQuerySecurityObject   770261A8 5 Bytes  JMP 6A4C0030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryValueKey   77026248 5 Bytes  JMP 6A4BB127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtRenameKey   770263C8 5 Bytes  JMP 6A4BB751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetInformationFile   77026638 5 Bytes  JMP 6A4BEBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetInformationKey   77026658 5 Bytes  JMP 6A4BB0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetSecurityObject   77026758 5 Bytes  JMP 6A4C0149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetValueKey                                                                                                                 77026808 5 Bytes  JMP 6A4BB1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessW                                                                                                             75A9204D 5 Bytes  JMP 6A498C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessA                                                                                                             75A92082 5 Bytes  JMP 6A498D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessAsUserW                                                                                                       75AC59FF 5 Bytes  JMP 6A498F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!SetDllDirectoryW                                                                                                           75B1D783 5 Bytes  JMP 6A49977C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!SetDllDirectoryA                                                                                                           75B1D82C 5 Bytes  JMP 6A499AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!WinExec                                                                                                                    75B1EDAE 5 Bytes  JMP 6A49931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!AllocConsole                                                                                                               75B3C675 5 Bytes  JMP 6A4C1210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!AttachConsole                                                                                                              75B3C743 5 Bytes  JMP 6A4C1222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] USER32.dll!CreateWindowExA                                                                                                              75B7BF40 5 Bytes  JMP 6A4C11E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] USER32.dll!CreateWindowExW                                                                                                              75B7EC7C 5 Bytes  JMP 6A4C11F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] GDI32.dll!AddFontResourceW                                                                                                              75A0EC13 5 Bytes  JMP 6A4A6800 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] GDI32.dll!AddFontResourceA                                                                                                              75A0EFA7 5 Bytes  JMP 6A4A67E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumDependentServicesW                                                                                                     77161E3A 7 Bytes  JMP 6A4A956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusExW                                                                                                      7716B466 7 Bytes  JMP 6A4AA48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceKeyNameW                                                                                                         771878FF 7 Bytes  JMP 6A4A9C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceDisplayNameW                                                                                                     771879BB 7 Bytes  JMP 6A4A9DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusExA                                                                                                      7718A3E2 7 Bytes  JMP 6A4AA553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!CreateProcessAsUserA                                                                                                       771A2538 5 Bytes  JMP 6A4990DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceKeyNameA                                                                                                         771C1B94 7 Bytes  JMP 6A4A9CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceDisplayNameA                                                                                                     771C1C31 7 Bytes  JMP 6A4A9E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusA                                                                                                        771C2021 7 Bytes  JMP 6A4AA3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumDependentServicesA                                                                                                     771C2104 7 Bytes  JMP 6A4A9623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusW                                                                                                        771C2221 5 Bytes  JMP 6A4AA311 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRegisterPSClsid                                                                                                             75C4C56E 5 Bytes  JMP 6A4AFFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoResumeClassObjects + 7                                                                                                      75C4EA09 7 Bytes  JMP 6A4B05C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleRun                                                                                                                        75C507DE 5 Bytes  JMP 6A4B0481 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRegisterClassObject                                                                                                         75C521E1 5 Bytes  JMP 6A4B10F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleUninitialize                                                                                                               75C5EBA1 6 Bytes  JMP 6A4B03A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleInitialize                                                                                                                 75C5EFD7 5 Bytes  JMP 6A4B0330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetPSClsid                                                                                                                  75C626B9 5 Bytes  JMP 6A4B016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetClassObject                                                                                                              75C754AD 5 Bytes  JMP 6A4B1684 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoInitializeEx                                                                                                                75C809AD 5 Bytes  JMP 6A4B01E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoUninitialize                                                                                                                75C886D3 5 Bytes  JMP 6A4B0262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoCreateInstance                                                                                                              75C89D0B 5 Bytes  JMP 6A4B2952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoCreateInstanceEx                                                                                                            75C89D4E 5 Bytes  JMP 6A4B0A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoSuspendClassObjects + 7                                                                                                     75CABB09 7 Bytes  JMP 6A4B04F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRevokeClassObject                                                                                                           75CCEACF 5 Bytes  JMP 6A4AFA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetInstanceFromFile                                                                                                         75D0340B 5 Bytes  JMP 6A4B1B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleRegEnumFormatEtc                                                                                                           75D4CFD9 5 Bytes  JMP 6A4B040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtClose                                                                                                                                                                         770254C8 5 Bytes  JMP 6A4BFFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtCreateFile                                                                                                                                                                    770255C8 5 Bytes  JMP 6A4BEC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtCreateKey                                                                                                                                                                     77025608 5 Bytes  JMP 6A4BB6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteFile                                                                                                                                                                    77025808 5 Bytes  JMP 6A4BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteKey                                                                                                                                                                     77025818 5 Bytes  JMP 6A4BAF5D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteValueKey                                                                                                                                                                77025848 5 Bytes  JMP 6A4BB220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDuplicateObject                                                                                                                                                               77025898 5 Bytes  JMP 6A4C0096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtEnumerateKey                                                                                                                                                                  770258E8 5 Bytes  JMP 6A4BB001 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtEnumerateValueKey                                                                                                                                                             77025918 5 Bytes  JMP 6A4BB17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtFlushKey                                                                                                                                                                      77025988 5 Bytes  JMP 6A4BAFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtNotifyChangeKey                                                                                                                                                               77025C68 5 Bytes  JMP 6A4BB2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                      77025C78 5 Bytes  JMP 6A4BB35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenFile                                                                                                                                                                      77025CD8 5 Bytes  JMP 6A4BEE21 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenKey                                                                                                                                                                       77025D08 5 Bytes  JMP 6A4BB5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenKeyEx                                                                                                                                                                     77025D18 5 Bytes  JMP 6A4BB660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryAttributesFile                                                                                                                                                           77025F38 5 Bytes  JMP 6A4BEB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryDirectoryFile                                                                                                                                                            77025F98 5 Bytes  JMP 6A4BD81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryFullAttributesFile                                                                                                                                                       77025FE8 5 Bytes  JMP 6A4BEB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryKey                                                                                                                                                                      770260E8 5 Bytes  JMP 6A4BB054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryMultipleValueKey                                                                                                                                                         77026108 5 Bytes  JMP 6A4BB27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryObject                                                                                                                                                                   77026128 5 Bytes  JMP 6A4C00EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQuerySecurityObject                                                                                                                                                           770261A8 5 Bytes  JMP 6A4C0030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryValueKey                                                                                                                                                                 77026248 5 Bytes  JMP 6A4BB127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtRenameKey                                                                                                                                                                     770263C8 5 Bytes  JMP 6A4BB751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetInformationFile                                                                                                                                                            77026638 5 Bytes  JMP 6A4BEBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetInformationKey                                                                                                                                                             77026658 5 Bytes  JMP 6A4BB0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetSecurityObject                                                                                                                                                             77026758 5 Bytes  JMP 6A4C0149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetValueKey                                                                                                                                                                   77026808 5 Bytes  JMP 6A4BB1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessW                                                                                                                                                               75A9204D 5 Bytes  JMP 6A498C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessA                                                                                                                                                               75A92082 5 Bytes  JMP 6A498D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessAsUserW                                                                                                                                                         75AC59FF 5 Bytes  JMP 6A498F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!SetDllDirectoryW                                                                                                                                                             75B1D783 5 Bytes  JMP 6A49977C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!SetDllDirectoryA                                                                                                                                                             75B1D82C 5 Bytes  JMP 6A499AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!WinExec                                                                                                                                                                      75B1EDAE 5 Bytes  JMP 6A49931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!AllocConsole                                                                                                                                                                 75B3C675 5 Bytes  JMP 6A4C1210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!AttachConsole                                                                                                                                                                75B3C743 5 Bytes  JMP 6A4C1222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] USER32.dll!CreateWindowExA                                                                                                                                                                75B7BF40 5 Bytes  JMP 6A4C11E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] USER32.dll!CreateWindowExW                                                                                                                                                                75B7EC7C 5 Bytes  JMP 6A4C11F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] GDI32.dll!AddFontResourceW                                                                                                                                                                75A0EC13 5 Bytes  JMP 6A4A6800 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] GDI32.dll!AddFontResourceA                                                                                                                                                                75A0EFA7 5 Bytes  JMP 6A4A67E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumDependentServicesW                                                                                                                                                       77161E3A 7 Bytes  JMP 6A4A956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusExW                                                                                                                                                        7716B466 7 Bytes  JMP 6A4AA48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceKeyNameW                                                                                                                                                           771878FF 7 Bytes  JMP 6A4A9C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceDisplayNameW                                                                                                                                                       771879BB 7 Bytes  JMP 6A4A9DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusExA                                                                                                                                                        7718A3E2 7 Bytes  JMP 6A4AA553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                                         771A2538 5 Bytes  JMP 6A4990DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceKeyNameA                                                                                                                                                           771C1B94 7 Bytes  JMP 6A4A9CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceDisplayNameA                                                                                                                                                       771C1C31 7 Bytes  JMP 6A4A9E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusA                                                                                                                                                          771C2021 7 Bytes  JMP 6A4AA3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumDependentServicesA                                                                                                                                                       771C2104 7 Bytes  JMP 6A4A9623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusW                                                                                                                                                          771C2221 5 Bytes  JMP 6A4AA311 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRegisterPSClsid                                                                                                                                                               75C4C56E 5 Bytes  JMP 6A4AFFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoResumeClassObjects + 7                                                                                                                                                        75C4EA09 7 Bytes  JMP 6A4B05C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleRun                                                                                                                                                                          75C507DE 5 Bytes  JMP 6A4B0481 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRegisterClassObject                                                                                                                                                           75C521E1 5 Bytes  JMP 6A4B10F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleUninitialize                                                                                                                                                                 75C5EBA1 6 Bytes  JMP 6A4B03A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleInitialize                                                                                                                                                                   75C5EFD7 5 Bytes  JMP 6A4B0330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetPSClsid                                                                                                                                                                    75C626B9 5 Bytes  JMP 6A4B016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetClassObject                                                                                                                                                                75C754AD 5 Bytes  JMP 6A4B1684 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoInitializeEx                                                                                                                                                                  75C809AD 5 Bytes  JMP 6A4B01E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoUninitialize                                                                                                                                                                  75C886D3 5 Bytes  JMP 6A4B0262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoCreateInstance                                                                                                                                                                75C89D0B 5 Bytes  JMP 6A4B2952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoCreateInstanceEx                                                                                                                                                              75C89D4E 5 Bytes  JMP 6A4B0A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoSuspendClassObjects + 7                                                                                                                                                       75CABB09 7 Bytes  JMP 6A4B04F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRevokeClassObject                                                                                                                                                             75CCEACF 5 Bytes  JMP 6A4AFA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetInstanceFromFile                                                                                                                                                           75D0340B 5 Bytes  JMP 6A4B1B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleRegEnumFormatEtc                                                                                                                                                             75D4CFD9 5 Bytes  JMP 6A4B040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
---- Processes - GMER 2.0 ----

Library  Q:\140066.deu\Office14\MSOSYNC.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]                                                                                                                                   0x2DD50000                                                                                                                                           
Library  Q:\140066.deu\Office14\1031\ospintl.dll (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]                                                                                                                              0x725C0000                                                                                                                                           
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]                                                                                                               0x6A2B0000                                                                                                                                           
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]                                                                                                               0x71000000                                                                                                                                           
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]                                                                                                               0x69F60000                                                                                                                                           

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6048c8d                                                                                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet)                                                                                                                                    
Reg      HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{3FBE69D4-2B6D-11E0-9C0E-806E6F6E6963}                                                                                                             1143933280
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

---- EOF - GMER 2.0 ----
         
It would be great if someone could take on my problem!
Many thanks in advance!
Regards, me.

Last edited by help me (09.02.2013 at 01:05)

Old 11.02.2013, 10:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

Quote:
Library Q:\140066.deu\Office14\MSOSYNC.EXE (*** hidden *** )
What is (or was?) drive Q on your machine? An external hard disk?


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Run mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instruction from a helper

Old 11.02.2013, 12:33   #3
help me
 
Hi Cosinus,

thank you very much for taking on my problem!

Q: is a preinstalled "Microsoft Office Click-to-Run 2010". If I understood it correctly, it is meant to make downloading or activating the full Office version (so far only Office 2010 Starter is preinstalled) faster and use less disk space. As far as I'm concerned, the Q: drive could just be wiped; I had been thinking about uninstalling it anyway.

I ran Malwarebytes Anti-Rootkit; a restart was not required and apparently nothing was found either.

Here is the log file:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
... :: NETBOOK [administrator]

11.02.2013 12:20:59
mbar-log-2013-02-11 (12-20-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27369
Time elapsed: 24 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Regards, me.
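As an added triage example (not code from the original posts, from GMER or from Malwarebytes), the following Python script parses the GMER 2.0 log format shown in the first post, groups the user-mode API hooks by the module that installed them, and cross-checks the "hidden" libraries against the processes that are hooked by the Application Virtualization (App-V) SoftLoader, which is what Office 2010 Click-to-Run on the Q: drive uses. The sample log lines are constructed and shortened; the hook and library line layout follows the log above, the classification rule (a hook from sftldr.dll carrying the "Microsoft Application Virtualization" description counts as the SoftLoader) is my assumption, and the unattributed hook and the unknown.dll entry are constructed to show what a finding that still needs review looks like.

```python
"""Triage helper for GMER 2.0 text logs: group user-mode API hooks by the
module that installed them and cross-check "hidden" libraries against them.
Added example; the sample log below is constructed, not the poster's full log."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

SAMPLE_GMER_LOG = r"""
---- User code sections - GMER 2.0 ----
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!AttachConsole    75B3C743 5 Bytes  JMP 6A4C1222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoCreateInstance    75C89D0B 5 Bytes  JMP 6A4B2952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text    C:\example\app.exe[1234] ntdll.dll!NtQueryDirectoryFile    77E5A123 5 Bytes  JMP 00A10000
---- Processes - GMER 2.0 ----
Library  Q:\140066.deu\Office14\MSOSYNC.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016]    0x2DD50000
Library  C:\example\unknown.dll (*** hidden *** ) @ C:\example\app.exe [1234]    0x10000000
---- EOF - GMER 2.0 ----
"""

# Hook line: .text <process>[<pid>] <dll!export> <addr> <n> Bytes JMP <addr> [<module> (<description>)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>.+?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+) Bytes\s+(?P<patch>JMP [0-9A-Fa-f]+)(?P<rest>.*)$"
)
# Library line: Library <path> (*** hidden *** ) @ <process> [<pid>] <base>
LIB_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)"
)

# Assumption: hooks installed by the App-V SoftLoader (Office Click-to-Run) are expected;
# the virtual file system behind the Q: drive is also why its modules look "hidden" to GMER.
APPV_SOFTLOADER = {"sftldr.dll"}
APPV_DESCRIPTION = "Microsoft Application Virtualization"


def _split_module(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Split the trailing '<module path> (<description>)' of a hook line.
    Module paths may contain spaces, so only the last ' (' is used as separator."""
    rest = rest.strip()
    if not rest:
        return None, None  # JMP target is not inside any named module
    if rest.endswith(")") and " (" in rest:
        module, desc = rest.rsplit(" (", 1)
        return module, desc[:-1]
    return rest, None


def parse_gmer(text: str) -> Tuple[List[dict], List[dict]]:
    """Return (hooks, hidden_libraries) parsed from a GMER 2.0 log."""
    hooks, hidden = [], []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            module, desc = _split_module(m.group("rest"))
            hooks.append({"proc": m.group("proc"), "pid": int(m.group("pid")),
                          "target": m.group("target"), "patch": m.group("patch"),
                          "module": module, "desc": desc})
            continue
        m = LIB_RE.match(line)
        if m:
            hidden.append({"path": m.group("path"), "proc": m.group("proc"),
                           "pid": int(m.group("pid")), "base": m.group("base")})
    return hooks, hidden


def classify_hook(hook: dict) -> str:
    """'unattributed' (jump into unnamed memory, highest interest),
    'appv_softloader' (expected on a Click-to-Run machine) or 'other_module'."""
    if hook["module"] is None:
        return "unattributed"
    name = hook["module"].rsplit("\\", 1)[-1].lower()
    if name in APPV_SOFTLOADER and hook["desc"] and APPV_DESCRIPTION in hook["desc"]:
        return "appv_softloader"
    return "other_module"


def triage(hooks: List[dict], hidden: List[dict]) -> Dict[str, object]:
    """Summarise hooks by class and sort hidden libraries into 'explained by App-V'
    (the hosting process is hooked by the SoftLoader) versus 'needs review'."""
    appv_pids = {h["pid"] for h in hooks if classify_hook(h) == "appv_softloader"}
    return {
        "hooks_by_class": Counter(classify_hook(h) for h in hooks),
        "unattributed_hooks": [h for h in hooks if classify_hook(h) == "unattributed"],
        "hidden_libs_appv": [l["path"] for l in hidden if l["pid"] in appv_pids],
        "hidden_libs_review": [l["path"] for l in hidden if l["pid"] not in appv_pids],
    }


if __name__ == "__main__":
    result = triage(*parse_gmer(SAMPLE_GMER_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the log in the first post every hook comes from sftldr.dll with the App-V description and every hidden library sits in the MSOSYNC.EXE process that those hooks belong to, so the script would report nothing for review; an unattributed JMP, or a hidden library in a process with no SoftLoader hooks, is what would justify the follow-up scans requested later in the thread.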

Old 11.02.2013, 12:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ok, then please create logs with aswMBR and TDSSKiller now:

Please download aswMBR.exe and save the file to your desktop.
  • Run aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.




Please download TDSSKiller.exe and save this file to the desktop
  • Run TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

Old 11.02.2013, 14:05   #5
help me
 
Hi Cosinus,

the first time, aswMBR crashed with a bluescreen (I had done everything as in the guide). The second time it worked - however, it did not offer the update again, so I assume it was able to use the update it had downloaded the first time.

Here is the log file:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-11 13:33:40
-----------------------------
13:33:40.368    OS Version: Windows 6.1.7601 Service Pack 1
13:33:40.368    Number of processors: 2 586 0x1C0A
13:33:40.384    ComputerName: NETBOOK  UserName: ...
13:34:58.805    Initialize success
13:35:32.860    AVAST engine defs: 13021100
13:39:03.460    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:39:03.476    Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3
13:39:03.523    Disk 0 MBR read successfully
13:39:03.538    Disk 0 MBR scan
13:39:03.663    Disk 0 Windows 7 default MBR code
13:39:03.679    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        81921 MB offset 2048
13:39:03.757    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 167776256
13:39:03.804    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        55325 MB offset 199233536
13:39:03.866    Disk 0 Partition 4 00     EF      EFI FAT                20 MB offset 312539136
13:39:03.928    Disk 0 scanning sectors +312581808
13:39:04.178    Disk 0 scanning C:\windows\system32\drivers
13:39:30.265    Service scanning
13:40:20.466    Modules scanning
13:40:35.161    Disk 0 trace - called modules:
13:40:35.239    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
13:40:35.286    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c51948]
13:40:35.317    3 CLASSPNP.SYS[8699959e] -> nt!IofCallDriver -> [0x8423ce98]
13:40:35.348    5 ACPI.sys[862a03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e47028]
13:40:36.081    AVAST engine scan C:\windows
13:40:39.966    AVAST engine scan C:\windows\system32
13:46:46.987    AVAST engine scan C:\windows\system32\drivers
13:47:19.997    AVAST engine scan C:\Users\...
13:49:01.631    AVAST engine scan C:\ProgramData
13:49:51.941    Scan finished successfully
13:50:35.356    Disk 0 MBR has been saved successfully to "C:\Users\...\Desktop\Logs\Original\MBR.dat"
13:50:35.387    The log file has been saved successfully to "C:\Users\...\Desktop\Logs\Original\aswMBR.txt"
         
Then I ran TDSSKiller as described in the guide; here is the log file:

Code:
13:55:44.0440 4364  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:55:44.0518 4364  ============================================================
13:55:44.0518 4364  Current date / time: 2013/02/11 13:55:44.0518
13:55:44.0518 4364  SystemInfo:
13:55:44.0518 4364  
13:55:44.0518 4364  OS Version: 6.1.7601 ServicePack: 1.0
13:55:44.0518 4364  Product type: Workstation
13:55:44.0518 4364  ComputerName: NETBOOK
13:55:44.0518 4364  UserName: ...
13:55:44.0518 4364  Windows directory: C:\windows
13:55:44.0518 4364  System windows directory: C:\windows
13:55:44.0518 4364  Processor architecture: Intel x86
13:55:44.0518 4364  Number of processors: 2
13:55:44.0518 4364  Page size: 0x1000
13:55:44.0518 4364  Boot type: Normal boot
13:55:44.0518 4364  ============================================================
13:55:46.0374 4364  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:55:46.0390 4364  ============================================================
13:55:46.0390 4364  \Device\Harddisk0\DR0:
13:55:46.0390 4364  MBR partitions:
13:55:46.0390 4364  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000800
13:55:46.0390 4364  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBE01000, BlocksNum 0x6C0E800
13:55:46.0390 4364  ============================================================
13:55:46.0436 4364  C: <-> \Device\Harddisk0\DR0\Partition1
13:55:46.0468 4364  D: <-> \Device\Harddisk0\DR0\Partition2
13:55:46.0733 4364  ============================================================
13:55:46.0733 4364  Initialize success
13:55:46.0733 4364  ============================================================
13:55:56.0545 2976  ============================================================
13:55:56.0545 2976  Scan started
13:55:56.0545 2976  Mode: Manual; SigCheck; TDLFS; 
13:55:56.0545 2976  ============================================================
13:55:56.0998 2976  ================ Scan system memory ========================
13:55:56.0998 2976  System memory - ok
13:55:56.0998 2976  ================ Scan services =============================
13:55:57.0263 2976  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
13:55:57.0559 2976  1394ohci - ok
13:55:57.0637 2976  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
13:55:57.0715 2976  ACPI - ok
13:55:57.0746 2976  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
13:55:57.0871 2976  AcpiPmi - ok
13:55:58.0058 2976  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:55:58.0121 2976  AdobeARMservice - ok
13:55:58.0246 2976  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:55:58.0324 2976  AdobeFlashPlayerUpdateSvc - ok
13:55:58.0433 2976  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
13:55:58.0558 2976  adp94xx - ok
13:55:58.0604 2976  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
13:55:58.0682 2976  adpahci - ok
13:55:58.0745 2976  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
13:55:58.0792 2976  adpu320 - ok
13:55:58.0870 2976  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
13:55:58.0948 2976  AeLookupSvc - ok
13:55:59.0026 2976  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
13:55:59.0119 2976  AFD - ok
13:55:59.0197 2976  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
13:55:59.0244 2976  agp440 - ok
13:55:59.0291 2976  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
13:55:59.0353 2976  aic78xx - ok
13:55:59.0400 2976  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
13:55:59.0509 2976  ALG - ok
13:55:59.0556 2976  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
13:55:59.0618 2976  aliide - ok
13:55:59.0650 2976  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
13:55:59.0712 2976  amdagp - ok
13:55:59.0774 2976  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
13:55:59.0821 2976  amdide - ok
13:55:59.0868 2976  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
13:55:59.0962 2976  AmdK8 - ok
13:56:00.0008 2976  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
13:56:00.0102 2976  AmdPPM - ok
13:56:00.0149 2976  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
13:56:00.0227 2976  amdsata - ok
13:56:00.0274 2976  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
13:56:00.0336 2976  amdsbs - ok
13:56:00.0383 2976  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
13:56:00.0445 2976  amdxata - ok
13:56:00.0539 2976  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:56:00.0617 2976  AntiVirSchedulerService - ok
13:56:00.0695 2976  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:56:00.0742 2976  AntiVirService - ok
13:56:00.0804 2976  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
13:56:01.0007 2976  AppID - ok
13:56:01.0054 2976  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
13:56:01.0178 2976  AppIDSvc - ok
13:56:01.0225 2976  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
13:56:01.0366 2976  Appinfo - ok
13:56:01.0428 2976  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
13:56:01.0475 2976  arc - ok
13:56:01.0522 2976  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
13:56:01.0584 2976  arcsas - ok
13:56:01.0646 2976  [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
13:56:01.0709 2976  AsUpIO - ok
13:56:01.0756 2976  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
13:56:01.0802 2976  AsusService ( UnsignedFile.Multi.Generic ) - warning
13:56:01.0802 2976  AsusService - detected UnsignedFile.Multi.Generic (1)
13:56:01.0849 2976  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
13:56:02.0036 2976  AsyncMac - ok
13:56:02.0114 2976  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
13:56:02.0177 2976  atapi - ok
13:56:02.0317 2976  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr            C:\windows\system32\DRIVERS\athr.sys
13:56:02.0598 2976  athr - ok
13:56:02.0676 2976  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:56:02.0801 2976  AudioEndpointBuilder - ok
13:56:02.0863 2976  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
13:56:03.0004 2976  Audiosrv - ok
13:56:03.0082 2976  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
13:56:03.0144 2976  avgntflt - ok
13:56:03.0191 2976  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
13:56:03.0253 2976  avipbb - ok
13:56:03.0284 2976  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
13:56:03.0331 2976  avkmgr - ok
13:56:03.0409 2976  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
13:56:03.0534 2976  AxInstSV - ok
13:56:03.0612 2976  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
13:56:03.0690 2976  b06bdrv - ok
13:56:03.0721 2976  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
13:56:03.0784 2976  b57nd60x - ok
13:56:03.0846 2976  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
13:56:03.0940 2976  BDESVC - ok
13:56:03.0986 2976  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
13:56:04.0142 2976  Beep - ok
13:56:04.0236 2976  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
13:56:04.0423 2976  BFE - ok
13:56:04.0548 2976  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
13:56:04.0735 2976  BITS - ok
13:56:04.0782 2976  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
13:56:04.0860 2976  blbdrive - ok
13:56:04.0922 2976  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
13:56:05.0016 2976  bowser - ok
13:56:05.0047 2976  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
13:56:05.0156 2976  BrFiltLo - ok
13:56:05.0203 2976  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
13:56:05.0297 2976  BrFiltUp - ok
13:56:05.0375 2976  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
13:56:05.0453 2976  Browser - ok
13:56:05.0515 2976  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
13:56:05.0609 2976  Brserid - ok
13:56:05.0640 2976  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
13:56:05.0749 2976  BrSerWdm - ok
13:56:05.0780 2976  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
13:56:05.0874 2976  BrUsbMdm - ok
13:56:05.0905 2976  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
13:56:05.0968 2976  BrUsbSer - ok
13:56:06.0046 2976  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
13:56:06.0124 2976  BthEnum - ok
13:56:06.0186 2976  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
13:56:06.0248 2976  BTHMODEM - ok
13:56:06.0295 2976  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
13:56:06.0373 2976  BthPan - ok
13:56:06.0467 2976  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
13:56:06.0545 2976  BTHPORT - ok
13:56:06.0623 2976  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
13:56:06.0763 2976  bthserv - ok
13:56:06.0826 2976  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
13:56:06.0888 2976  BTHUSB - ok
13:56:06.0919 2976  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
13:56:06.0950 2976  btusbflt - ok
13:56:06.0982 2976  btwaudio - ok
13:56:07.0013 2976  btwavdt - ok
13:56:07.0028 2976  btwl2cap - ok
13:56:07.0075 2976  btwrchid - ok
13:56:07.0122 2976  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
13:56:07.0262 2976  cdfs - ok
13:56:07.0340 2976  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
13:56:07.0403 2976  cdrom - ok
13:56:07.0481 2976  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
13:56:07.0652 2976  CertPropSvc - ok
13:56:07.0730 2976  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
13:56:07.0840 2976  circlass - ok
13:56:07.0886 2976  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
13:56:07.0964 2976  CLFS - ok
13:56:08.0058 2976  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:56:08.0120 2976  clr_optimization_v2.0.50727_32 - ok
13:56:08.0167 2976  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
13:56:08.0276 2976  CmBatt - ok
13:56:08.0354 2976  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
13:56:08.0401 2976  cmdide - ok
13:56:08.0448 2976  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\windows\system32\Drivers\cng.sys
13:56:08.0542 2976  CNG - ok
13:56:08.0588 2976  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
13:56:08.0635 2976  Compbatt - ok
13:56:08.0698 2976  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
13:56:08.0760 2976  CompositeBus - ok
13:56:08.0807 2976  COMSysApp - ok
13:56:08.0854 2976  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
13:56:08.0900 2976  crcdisk - ok
13:56:08.0963 2976  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
13:56:09.0025 2976  CryptSvc - ok
13:56:09.0166 2976  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:56:09.0275 2976  cvhsvc - ok
13:56:09.0353 2976  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
13:56:09.0478 2976  DcomLaunch - ok
13:56:09.0524 2976  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
13:56:09.0665 2976  defragsvc - ok
13:56:09.0727 2976  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
13:56:09.0836 2976  DfsC - ok
13:56:09.0946 2976  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
13:56:10.0055 2976  Dhcp - ok
13:56:10.0117 2976  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
13:56:10.0226 2976  discache - ok
13:56:10.0289 2976  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
13:56:10.0336 2976  Disk - ok
13:56:10.0398 2976  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
13:56:10.0476 2976  Dnscache - ok
13:56:10.0554 2976  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
13:56:10.0694 2976  dot3svc - ok
13:56:10.0741 2976  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
13:56:11.0053 2976  DPS - ok
13:56:11.0100 2976  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
13:56:11.0162 2976  drmkaud - ok
13:56:11.0256 2976  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
13:56:11.0350 2976  DXGKrnl - ok
13:56:11.0428 2976  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
13:56:11.0552 2976  EapHost - ok
13:56:11.0724 2976  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
13:56:11.0958 2976  ebdrv - ok
13:56:12.0020 2976  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
13:56:12.0083 2976  EFS - ok
13:56:12.0161 2976  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
13:56:12.0223 2976  elxstor - ok
13:56:12.0286 2976  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
13:56:12.0348 2976  ErrDev - ok
13:56:12.0442 2976  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
13:56:12.0566 2976  EventSystem - ok
13:56:12.0613 2976  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
13:56:12.0722 2976  exfat - ok
13:56:12.0769 2976  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
13:56:12.0894 2976  fastfat - ok
13:56:12.0956 2976  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
13:56:13.0081 2976  Fax - ok
13:56:13.0128 2976  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
13:56:13.0190 2976  fdc - ok
13:56:13.0253 2976  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
13:56:13.0378 2976  fdPHost - ok
13:56:13.0409 2976  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
13:56:13.0502 2976  FDResPub - ok
13:56:13.0534 2976  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
13:56:13.0596 2976  FileInfo - ok
13:56:13.0627 2976  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
13:56:13.0736 2976  Filetrace - ok
13:56:13.0783 2976  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
13:56:13.0830 2976  flpydisk - ok
13:56:13.0861 2976  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
13:56:13.0908 2976  FltMgr - ok
13:56:14.0033 2976  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
13:56:14.0204 2976  FontCache - ok
13:56:14.0314 2976  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:56:14.0376 2976  FontCache3.0.0.0 - ok
13:56:14.0407 2976  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
13:56:14.0470 2976  FsDepends - ok
13:56:14.0501 2976  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
13:56:14.0563 2976  Fs_Rec - ok
13:56:14.0626 2976  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
13:56:14.0704 2976  fvevol - ok
13:56:14.0750 2976  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
13:56:14.0813 2976  gagp30kx - ok
13:56:14.0860 2976  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
13:56:15.0031 2976  gpsvc - ok
13:56:15.0062 2976  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
13:56:15.0140 2976  hcw85cir - ok
13:56:15.0218 2976  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:56:15.0296 2976  HdAudAddService - ok
13:56:15.0359 2976  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
13:56:15.0437 2976  HDAudBus - ok
13:56:15.0468 2976  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
13:56:15.0546 2976  HidBatt - ok
13:56:15.0577 2976  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
13:56:15.0655 2976  HidBth - ok
13:56:15.0671 2976  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
13:56:15.0764 2976  HidIr - ok
13:56:15.0811 2976  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
13:56:15.0936 2976  hidserv - ok
13:56:15.0998 2976  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
13:56:16.0061 2976  HidUsb - ok
13:56:16.0108 2976  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
13:56:16.0248 2976  hkmsvc - ok
13:56:16.0310 2976  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:56:16.0420 2976  HomeGroupListener - ok
13:56:16.0466 2976  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:56:16.0560 2976  HomeGroupProvider - ok
13:56:16.0622 2976  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
13:56:16.0669 2976  HpSAMD - ok
13:56:16.0732 2976  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
13:56:16.0903 2976  HTTP - ok
13:56:16.0950 2976  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
13:56:17.0012 2976  hwpolicy - ok
13:56:17.0075 2976  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
13:56:17.0153 2976  i8042prt - ok
13:56:17.0231 2976  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:56:17.0324 2976  IAANTMON - ok
13:56:17.0387 2976  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
13:56:17.0449 2976  iaStor - ok
13:56:17.0496 2976  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
13:56:17.0574 2976  iaStorV - ok
13:56:17.0668 2976  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:56:17.0792 2976  idsvc - ok
13:56:18.0011 2976  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
13:56:18.0370 2976  igfx - ok
13:56:18.0432 2976  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
13:56:18.0479 2976  iirsp - ok
13:56:18.0557 2976  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
13:56:18.0744 2976  IKEEXT - ok
13:56:18.0947 2976  [ BF9866875EDF86AAE24DD8BD9418DEFF ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
13:56:19.0228 2976  IntcAzAudAddService - ok
13:56:19.0259 2976  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
13:56:19.0290 2976  intelide - ok
13:56:19.0353 2976  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
13:56:19.0399 2976  intelppm - ok
13:56:19.0462 2976  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
13:56:19.0602 2976  IPBusEnum - ok
13:56:19.0633 2976  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
13:56:19.0789 2976  IpFilterDriver - ok
13:56:19.0899 2976  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
13:56:20.0039 2976  iphlpsvc - ok
13:56:20.0086 2976  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
13:56:20.0179 2976  IPMIDRV - ok
13:56:20.0211 2976  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
13:56:20.0351 2976  IPNAT - ok
13:56:20.0413 2976  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
13:56:20.0507 2976  IRENUM - ok
13:56:20.0554 2976  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
13:56:20.0616 2976  isapnp - ok
13:56:20.0679 2976  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
13:56:20.0788 2976  iScsiPrt - ok
13:56:20.0850 2976  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
13:56:20.0913 2976  kbdclass - ok
13:56:20.0944 2976  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
13:56:21.0006 2976  kbdhid - ok
13:56:21.0084 2976  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
13:56:21.0115 2976  kbfiltr - ok
13:56:21.0147 2976  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
13:56:21.0193 2976  KeyIso - ok
13:56:21.0225 2976  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
13:56:21.0271 2976  KSecDD - ok
13:56:21.0318 2976  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
13:56:21.0365 2976  KSecPkg - ok
13:56:21.0412 2976  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
13:56:21.0537 2976  KtmRm - ok
13:56:21.0583 2976  [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
13:56:21.0646 2976  L1C - ok
13:56:21.0708 2976  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
13:56:21.0849 2976  LanmanServer - ok
13:56:21.0880 2976  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:56:22.0005 2976  LanmanWorkstation - ok
13:56:22.0067 2976  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
13:56:22.0207 2976  lltdio - ok
13:56:22.0254 2976  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
13:56:22.0410 2976  lltdsvc - ok
13:56:22.0441 2976  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
13:56:22.0566 2976  lmhosts - ok
13:56:22.0629 2976  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
13:56:22.0691 2976  LSI_FC - ok
13:56:22.0722 2976  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
13:56:22.0785 2976  LSI_SAS - ok
13:56:22.0800 2976  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
13:56:22.0863 2976  LSI_SAS2 - ok
13:56:22.0894 2976  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
13:56:22.0956 2976  LSI_SCSI - ok
13:56:23.0003 2976  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
13:56:23.0112 2976  luafv - ok
13:56:23.0159 2976  [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter      C:\windows\system32\DRIVERS\massfilter.sys
13:56:23.0253 2976  massfilter - ok
13:56:23.0315 2976  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
13:56:23.0362 2976  MBAMProtector - ok
13:56:23.0424 2976  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:56:23.0502 2976  MBAMScheduler - ok
13:56:23.0565 2976  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:56:23.0658 2976  MBAMService - ok
13:56:23.0721 2976  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
13:56:23.0767 2976  megasas - ok
13:56:23.0830 2976  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
13:56:23.0892 2976  MegaSR - ok
13:56:23.0939 2976  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
13:56:24.0079 2976  MMCSS - ok
13:56:24.0095 2976  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
13:56:24.0235 2976  Modem - ok
13:56:24.0282 2976  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
13:56:24.0360 2976  monitor - ok
13:56:24.0407 2976  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
13:56:24.0469 2976  mouclass - ok
13:56:24.0501 2976  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
13:56:24.0579 2976  mouhid - ok
13:56:24.0657 2976  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
13:56:24.0703 2976  mountmgr - ok
13:56:24.0781 2976  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:56:24.0828 2976  MozillaMaintenance - ok
13:56:24.0891 2976  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
13:56:24.0937 2976  mpio - ok
13:56:25.0000 2976  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
13:56:25.0125 2976  mpsdrv - ok
13:56:25.0203 2976  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
13:56:25.0374 2976  MpsSvc - ok
13:56:25.0421 2976  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
13:56:25.0515 2976  MRxDAV - ok
13:56:25.0577 2976  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
13:56:25.0686 2976  mrxsmb - ok
13:56:25.0733 2976  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
13:56:25.0827 2976  mrxsmb10 - ok
13:56:25.0858 2976  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
13:56:25.0936 2976  mrxsmb20 - ok
13:56:25.0983 2976  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
13:56:26.0045 2976  msahci - ok
13:56:26.0076 2976  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
13:56:26.0139 2976  msdsm - ok
13:56:26.0170 2976  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
13:56:26.0263 2976  MSDTC - ok
13:56:26.0310 2976  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
13:56:26.0435 2976  Msfs - ok
13:56:26.0482 2976  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
13:56:26.0622 2976  mshidkmdf - ok
13:56:26.0653 2976  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
13:56:26.0716 2976  msisadrv - ok
13:56:26.0763 2976  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
13:56:26.0903 2976  MSiSCSI - ok
13:56:26.0919 2976  msiserver - ok
13:56:26.0981 2976  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
13:56:27.0121 2976  MSKSSRV - ok
13:56:27.0137 2976  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
13:56:27.0293 2976  MSPCLOCK - ok
13:56:27.0309 2976  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
13:56:27.0433 2976  MSPQM - ok
13:56:27.0480 2976  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
13:56:27.0543 2976  MsRPC - ok
13:56:27.0605 2976  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
13:56:27.0667 2976  mssmbios - ok
13:56:27.0699 2976  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
13:56:27.0839 2976  MSTEE - ok
13:56:27.0855 2976  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
13:56:27.0917 2976  MTConfig - ok
13:56:27.0964 2976  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
13:56:28.0011 2976  Mup - ok
13:56:28.0089 2976  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
13:56:28.0245 2976  napagent - ok
13:56:28.0323 2976  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
13:56:28.0416 2976  NativeWifiP - ok
13:56:28.0494 2976  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
13:56:28.0603 2976  NDIS - ok
13:56:28.0666 2976  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
13:56:28.0791 2976  NdisCap - ok
13:56:28.0822 2976  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
13:56:28.0947 2976  NdisTapi - ok
13:56:29.0025 2976  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
13:56:29.0134 2976  Ndisuio - ok
13:56:29.0196 2976  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
13:56:29.0337 2976  NdisWan - ok
13:56:29.0368 2976  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
13:56:29.0493 2976  NDProxy - ok
13:56:29.0555 2976  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
13:56:29.0571 2976  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:56:29.0571 2976  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:56:29.0617 2976  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
13:56:29.0758 2976  NetBIOS - ok
13:56:29.0805 2976  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
13:56:29.0961 2976  NetBT - ok
13:56:29.0992 2976  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
13:56:30.0054 2976  Netlogon - ok
13:56:30.0101 2976  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
13:56:30.0273 2976  Netman - ok
13:56:30.0319 2976  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
13:56:30.0491 2976  netprofm - ok
13:56:30.0538 2976  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:56:30.0585 2976  NetTcpPortSharing - ok
13:56:30.0631 2976  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
13:56:30.0694 2976  nfrd960 - ok
13:56:30.0741 2976  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
13:56:30.0819 2976  NlaSvc - ok
13:56:30.0865 2976  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
13:56:30.0975 2976  Npfs - ok
13:56:31.0021 2976  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
13:56:31.0162 2976  nsi - ok
13:56:31.0193 2976  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
13:56:31.0318 2976  nsiproxy - ok
13:56:31.0443 2976  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
13:56:31.0599 2976  Ntfs - ok
13:56:31.0645 2976  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
13:56:31.0786 2976  Null - ok
13:56:31.0833 2976  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
13:56:31.0895 2976  nvraid - ok
13:56:31.0926 2976  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
13:56:31.0989 2976  nvstor - ok
13:56:32.0035 2976  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
13:56:32.0082 2976  nv_agp - ok
13:56:32.0113 2976  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
13:56:32.0191 2976  ohci1394 - ok
13:56:32.0223 2976  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:56:32.0285 2976  ose - ok
13:56:32.0488 2976  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:56:32.0893 2976  osppsvc - ok
13:56:33.0096 2976  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
13:56:33.0221 2976  p2pimsvc - ok
13:56:33.0252 2976  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
13:56:33.0361 2976  p2psvc - ok
13:56:33.0408 2976  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
13:56:33.0486 2976  Parport - ok
13:56:33.0533 2976  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
13:56:33.0595 2976  partmgr - ok
13:56:33.0627 2976  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
13:56:33.0705 2976  Parvdm - ok
13:56:33.0736 2976  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
13:56:33.0829 2976  PcaSvc - ok
13:56:33.0876 2976  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
13:56:33.0939 2976  pci - ok
13:56:33.0970 2976  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
13:56:34.0032 2976  pciide - ok
13:56:34.0063 2976  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
13:56:34.0126 2976  pcmcia - ok
13:56:34.0141 2976  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
13:56:34.0204 2976  pcw - ok
13:56:34.0251 2976  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
13:56:34.0438 2976  PEAUTH - ok
13:56:34.0594 2976  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
13:56:34.0828 2976  pla - ok
13:56:34.0890 2976  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
13:56:35.0015 2976  PlugPlay - ok
13:56:35.0046 2976  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
13:56:35.0093 2976  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0093 2976  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:56:35.0140 2976  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
13:56:35.0218 2976  PNRPAutoReg - ok
13:56:35.0265 2976  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
13:56:35.0343 2976  PNRPsvc - ok
13:56:35.0405 2976  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
13:56:35.0561 2976  PolicyAgent - ok
13:56:35.0623 2976  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
13:56:35.0764 2976  Power - ok
13:56:35.0811 2976  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
13:56:35.0951 2976  PptpMiniport - ok
13:56:36.0013 2976  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
13:56:36.0107 2976  Processor - ok
13:56:36.0169 2976  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
13:56:36.0263 2976  ProfSvc - ok
13:56:36.0294 2976  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
13:56:36.0341 2976  ProtectedStorage - ok
13:56:36.0403 2976  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
13:56:36.0528 2976  Psched - ok
13:56:36.0591 2976  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
13:56:36.0637 2976  PSI - ok
13:56:36.0715 2976  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
13:56:36.0887 2976  ql2300 - ok
13:56:36.0903 2976  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
13:56:36.0981 2976  ql40xx - ok
13:56:37.0027 2976  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
13:56:37.0137 2976  QWAVE - ok
13:56:37.0168 2976  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
13:56:37.0246 2976  QWAVEdrv - ok
13:56:37.0277 2976  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
13:56:37.0417 2976  RasAcd - ok
13:56:37.0464 2976  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
13:56:37.0573 2976  RasAgileVpn - ok
13:56:37.0620 2976  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
13:56:37.0761 2976  RasAuto - ok
13:56:37.0792 2976  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
13:56:37.0917 2976  Rasl2tp - ok
13:56:37.0995 2976  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
13:56:38.0151 2976  RasMan - ok
13:56:38.0197 2976  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
13:56:38.0338 2976  RasPppoe - ok
13:56:38.0400 2976  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
13:56:38.0525 2976  RasSstp - ok
13:56:38.0572 2976  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
13:56:38.0712 2976  rdbss - ok
13:56:38.0743 2976  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
13:56:38.0837 2976  rdpbus - ok
13:56:38.0899 2976  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
13:56:39.0024 2976  RDPCDD - ok
13:56:39.0071 2976  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
13:56:39.0211 2976  RDPENCDD - ok
13:56:39.0258 2976  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
13:56:39.0367 2976  RDPREFMP - ok
13:56:39.0461 2976  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
13:56:39.0523 2976  RdpVideoMiniport - ok
13:56:39.0570 2976  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
13:56:39.0648 2976  RDPWD - ok
13:56:39.0726 2976  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
13:56:39.0789 2976  rdyboost - ok
13:56:39.0820 2976  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
13:56:39.0960 2976  RemoteAccess - ok
13:56:40.0007 2976  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
13:56:40.0147 2976  RemoteRegistry - ok
13:56:40.0210 2976  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
13:56:40.0303 2976  RFCOMM - ok
13:56:40.0350 2976  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
13:56:40.0506 2976  RpcEptMapper - ok
13:56:40.0537 2976  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
13:56:40.0631 2976  RpcLocator - ok
13:56:40.0693 2976  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
13:56:40.0818 2976  RpcSs - ok
13:56:40.0881 2976  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
13:56:41.0021 2976  rspndr - ok
13:56:41.0052 2976  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
13:56:41.0115 2976  SamSs - ok
13:56:41.0146 2976  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
13:56:41.0208 2976  sbp2port - ok
13:56:41.0255 2976  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
13:56:41.0411 2976  SCardSvr - ok
13:56:41.0458 2976  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
13:56:41.0598 2976  scfilter - ok
13:56:41.0661 2976  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
13:56:41.0832 2976  Schedule - ok
13:56:41.0863 2976  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
13:56:41.0973 2976  SCPolicySvc - ok
13:56:42.0035 2976  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
13:56:42.0129 2976  SDRSVC - ok
13:56:42.0175 2976  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
13:56:42.0316 2976  secdrv - ok
13:56:42.0363 2976  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
13:56:42.0503 2976  seclogon - ok
13:56:42.0643 2976  [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:56:42.0784 2976  Secunia PSI Agent - ok
13:56:42.0831 2976  [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
13:56:42.0940 2976  Secunia Update Agent - ok
13:56:42.0971 2976  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
13:56:43.0127 2976  SENS - ok
13:56:43.0174 2976  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
13:56:43.0236 2976  Serenum - ok
13:56:43.0267 2976  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
13:56:43.0345 2976  Serial - ok
13:56:43.0377 2976  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
13:56:43.0455 2976  sermouse - ok
13:56:43.0533 2976  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
13:56:43.0673 2976  SessionEnv - ok
13:56:43.0720 2976  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
13:56:43.0798 2976  sffdisk - ok
13:56:43.0845 2976  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
13:56:43.0907 2976  sffp_mmc - ok
13:56:43.0923 2976  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
13:56:44.0016 2976  sffp_sd - ok
13:56:44.0063 2976  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
13:56:44.0125 2976  sfloppy - ok
13:56:44.0203 2976  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
13:56:44.0297 2976  Sftfs - ok
13:56:44.0375 2976  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
13:56:44.0469 2976  sftlist - ok
13:56:44.0515 2976  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
13:56:44.0562 2976  Sftplay - ok
13:56:44.0593 2976  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
13:56:44.0640 2976  Sftredir - ok
13:56:44.0671 2976  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
13:56:44.0718 2976  Sftvol - ok
13:56:44.0765 2976  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
13:56:44.0812 2976  sftvsa - ok
13:56:44.0859 2976  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
13:56:45.0030 2976  SharedAccess - ok
13:56:45.0077 2976  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:56:45.0233 2976  ShellHWDetection - ok
13:56:45.0280 2976  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
13:56:45.0342 2976  sisagp - ok
13:56:45.0373 2976  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
13:56:45.0420 2976  SiSRaid2 - ok
13:56:45.0436 2976  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
13:56:45.0498 2976  SiSRaid4 - ok
13:56:45.0576 2976  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:56:45.0639 2976  SkypeUpdate - ok
13:56:45.0685 2976  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
13:56:45.0810 2976  Smb - ok
13:56:45.0857 2976  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
13:56:45.0935 2976  SNMPTRAP - ok
13:56:45.0982 2976  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
13:56:46.0029 2976  spldr - ok
13:56:46.0091 2976  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
13:56:46.0185 2976  Spooler - ok
13:56:46.0341 2976  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
13:56:46.0653 2976  sppsvc - ok
13:56:46.0715 2976  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
13:56:46.0840 2976  sppuinotify - ok
13:56:46.0887 2976  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
13:56:46.0996 2976  srv - ok
13:56:47.0043 2976  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
13:56:47.0136 2976  srv2 - ok
13:56:47.0183 2976  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
13:56:47.0261 2976  srvnet - ok
13:56:47.0308 2976  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
13:56:47.0448 2976  SSDPSRV - ok
13:56:47.0479 2976  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
13:56:47.0526 2976  ssmdrv - ok
13:56:47.0557 2976  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
13:56:47.0698 2976  SstpSvc - ok
13:56:47.0745 2976  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
13:56:47.0791 2976  stexstor - ok
13:56:47.0885 2976  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
13:56:48.0010 2976  StiSvc - ok
13:56:48.0057 2976  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
13:56:48.0119 2976  swenum - ok
13:56:48.0166 2976  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
13:56:48.0353 2976  swprv - ok
13:56:48.0431 2976  [ BD8E7F87DE409A745A132A8812DE5A96 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
13:56:48.0493 2976  SynTP - ok
13:56:48.0603 2976  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
13:56:48.0759 2976  SysMain - ok
13:56:48.0805 2976  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
13:56:48.0915 2976  TabletInputService - ok
13:56:48.0977 2976  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
13:56:49.0133 2976  TapiSrv - ok
13:56:49.0180 2976  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
13:56:49.0336 2976  TBS - ok
13:56:49.0429 2976  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
13:56:49.0617 2976  Tcpip - ok
13:56:49.0679 2976  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
13:56:49.0819 2976  TCPIP6 - ok
13:56:49.0866 2976  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
13:56:49.0929 2976  tcpipreg - ok
13:56:49.0991 2976  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
13:56:50.0069 2976  TDPIPE - ok
13:56:50.0100 2976  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
13:56:50.0178 2976  TDTCP - ok
13:56:50.0225 2976  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
13:56:50.0334 2976  tdx - ok
13:56:50.0381 2976  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
13:56:50.0428 2976  TermDD - ok
13:56:50.0490 2976  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
13:56:50.0646 2976  TermService - ok
13:56:50.0709 2976  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
13:56:50.0802 2976  Themes - ok
13:56:50.0849 2976  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
13:56:50.0974 2976  THREADORDER - ok
13:56:51.0005 2976  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
13:56:51.0145 2976  TrkWks - ok
13:56:51.0223 2976  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:56:51.0364 2976  TrustedInstaller - ok
13:56:51.0395 2976  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
13:56:51.0535 2976  tssecsrv - ok
13:56:51.0582 2976  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
13:56:51.0660 2976  TsUsbFlt - ok
13:56:51.0723 2976  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
13:56:51.0847 2976  tunnel - ok
13:56:51.0910 2976  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
13:56:51.0972 2976  uagp35 - ok
13:56:52.0019 2976  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
13:56:52.0159 2976  udfs - ok
13:56:52.0253 2976  [ B7A165DDC6B2C8ACCFD5986933940285 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe
13:56:52.0300 2976  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
13:56:52.0300 2976  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
13:56:52.0331 2976  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
13:56:52.0425 2976  UI0Detect - ok
13:56:52.0518 2976  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
13:56:52.0581 2976  uliagpkx - ok
13:56:52.0627 2976  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
13:56:52.0705 2976  umbus - ok
13:56:52.0752 2976  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
13:56:52.0830 2976  UmPass - ok
13:56:52.0877 2976  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
13:56:53.0033 2976  upnphost - ok
13:56:53.0080 2976  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
13:56:53.0158 2976  usbaudio - ok
13:56:53.0189 2976  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
13:56:53.0267 2976  usbccgp - ok
13:56:53.0314 2976  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
13:56:53.0392 2976  usbcir - ok
13:56:53.0439 2976  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
13:56:53.0517 2976  usbehci - ok
13:56:53.0563 2976  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
13:56:53.0641 2976  usbhub - ok
13:56:53.0673 2976  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
13:56:53.0735 2976  usbohci - ok
13:56:53.0766 2976  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
13:56:53.0860 2976  usbprint - ok
13:56:53.0907 2976  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
13:56:53.0985 2976  USBSTOR - ok
13:56:54.0016 2976  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
13:56:54.0094 2976  usbuhci - ok
13:56:54.0125 2976  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
13:56:54.0219 2976  usbvideo - ok
13:56:54.0265 2976  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
13:56:54.0406 2976  UxSms - ok
13:56:54.0437 2976  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
13:56:54.0499 2976  VaultSvc - ok
13:56:54.0546 2976  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
13:56:54.0609 2976  vdrvroot - ok
13:56:54.0671 2976  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
13:56:54.0827 2976  vds - ok
13:56:54.0874 2976  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
13:56:54.0967 2976  vga - ok
13:56:54.0999 2976  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
13:56:55.0123 2976  VgaSave - ok
13:56:55.0170 2976  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
13:56:55.0248 2976  vhdmp - ok
13:56:55.0279 2976  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
13:56:55.0342 2976  viaagp - ok
13:56:55.0373 2976  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
13:56:55.0451 2976  ViaC7 - ok
13:56:55.0498 2976  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
13:56:55.0545 2976  viaide - ok
13:56:55.0576 2976  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
13:56:55.0638 2976  volmgr - ok
13:56:55.0669 2976  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
13:56:55.0747 2976  volmgrx - ok
13:56:55.0779 2976  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
13:56:55.0857 2976  volsnap - ok
13:56:55.0888 2976  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
13:56:55.0950 2976  vsmraid - ok
13:56:56.0028 2976  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
13:56:56.0247 2976  VSS - ok
13:56:56.0278 2976  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
13:56:56.0340 2976  vwifibus - ok
13:56:56.0387 2976  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
13:56:56.0481 2976  vwififlt - ok
13:56:56.0527 2976  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
13:56:56.0605 2976  vwifimp - ok
13:56:56.0652 2976  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
13:56:56.0824 2976  W32Time - ok
13:56:56.0995 2976  [ B8C182DF79AC8938311AC8E193D52762 ] w800bus         C:\windows\system32\DRIVERS\w800bus.sys
13:56:57.0073 2976  w800bus - ok
13:56:57.0120 2976  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
13:56:57.0183 2976  WacomPen - ok
13:56:57.0229 2976  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
13:56:57.0339 2976  WANARP - ok
13:56:57.0354 2976  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
13:56:57.0479 2976  Wanarpv6 - ok
13:56:57.0557 2976  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
13:56:57.0729 2976  wbengine - ok
13:56:57.0775 2976  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
13:56:57.0885 2976  WbioSrvc - ok
13:56:57.0931 2976  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
13:56:58.0056 2976  wcncsvc - ok
13:56:58.0087 2976  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:56:58.0197 2976  WcsPlugInService - ok
13:56:58.0228 2976  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
13:56:58.0275 2976  Wd - ok
13:56:58.0337 2976  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
13:56:58.0446 2976  Wdf01000 - ok
13:56:58.0477 2976  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
13:56:58.0618 2976  WdiServiceHost - ok
13:56:58.0649 2976  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
13:56:58.0727 2976  WdiSystemHost - ok
13:56:58.0789 2976  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
13:56:58.0883 2976  WebClient - ok
13:56:58.0930 2976  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
13:56:59.0070 2976  Wecsvc - ok
13:56:59.0117 2976  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
13:56:59.0273 2976  wercplsupport - ok
13:56:59.0320 2976  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
13:56:59.0460 2976  WerSvc - ok
13:56:59.0538 2976  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
13:56:59.0663 2976  WfpLwf - ok
13:56:59.0694 2976  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
13:56:59.0741 2976  WIMMount - ok
13:56:59.0819 2976  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:56:59.0959 2976  WinDefend - ok
13:56:59.0991 2976  WinHttpAutoProxySvc - ok
13:57:00.0084 2976  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
13:57:00.0225 2976  Winmgmt - ok
13:57:00.0318 2976  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
13:57:00.0521 2976  WinRM - ok
13:57:00.0630 2976  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
13:57:00.0786 2976  Wlansvc - ok
13:57:00.0833 2976  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
13:57:00.0942 2976  WmiAcpi - ok
13:57:01.0020 2976  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
13:57:01.0098 2976  wmiApSrv - ok
13:57:01.0207 2976  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:57:01.0363 2976  WMPNetworkSvc - ok
13:57:01.0410 2976  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
13:57:01.0519 2976  WPCSvc - ok
13:57:01.0566 2976  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
13:57:01.0691 2976  WPDBusEnum - ok
13:57:01.0738 2976  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
13:57:01.0847 2976  ws2ifsl - ok
13:57:01.0894 2976  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
13:57:01.0987 2976  wscsvc - ok
13:57:02.0003 2976  WSearch - ok
13:57:02.0128 2976  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
13:57:02.0346 2976  wuauserv - ok
13:57:02.0377 2976  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
13:57:02.0455 2976  WudfPf - ok
13:57:02.0502 2976  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
13:57:02.0580 2976  WUDFRd - ok
13:57:02.0643 2976  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
13:57:02.0736 2976  wudfsvc - ok
13:57:02.0783 2976  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
13:57:02.0908 2976  WwanSvc - ok
13:57:02.0955 2976  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:57:03.0033 2976  ZTEusbmdm6k - ok
13:57:03.0064 2976  [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet       C:\windows\system32\DRIVERS\ZTEusbnet.sys
13:57:03.0142 2976  ZTEusbnet - ok
13:57:03.0189 2976  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
13:57:03.0298 2976  ZTEusbnmea - ok
13:57:03.0345 2976  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
13:57:03.0391 2976  ZTEusbser6k - ok
13:57:03.0438 2976  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice     C:\windows\system32\DRIVERS\ZTEusbvoice.sys
13:57:03.0485 2976  ZTEusbvoice - ok
13:57:03.0563 2976  ================ Scan global ===============================
13:57:03.0625 2976  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
13:57:03.0672 2976  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
13:57:03.0719 2976  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
13:57:03.0766 2976  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
13:57:03.0813 2976  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
13:57:03.0844 2976  [Global] - ok
13:57:03.0844 2976  ================ Scan MBR ==================================
13:57:03.0859 2976  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:57:04.0234 2976  \Device\Harddisk0\DR0 - ok
13:57:04.0234 2976  ================ Scan VBR ==================================
13:57:04.0249 2976  [ A7CA3015F1BE7B68708339DB0D6D7C71 ] \Device\Harddisk0\DR0\Partition1
13:57:04.0249 2976  \Device\Harddisk0\DR0\Partition1 - ok
13:57:04.0327 2976  [ 512744C0235B96621820344228FA735E ] \Device\Harddisk0\DR0\Partition2
13:57:04.0343 2976  \Device\Harddisk0\DR0\Partition2 - ok
13:57:04.0343 2976  ============================================================
13:57:04.0343 2976  Scan finished
13:57:04.0343 2976  ============================================================
13:57:04.0390 4456  Detected object count: 4
13:57:04.0390 4456  Actual detected object count: 4
13:57:19.0678 4456  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0678 4456  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:57:19.0693 4456  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0693 4456  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:57:19.0693 4456  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0709 4456  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:57:19.0709 4456  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0709 4456  UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Can you see anything yet? Q doesn't seem to get scanned at all anymore - does a rootkit (if it is one) even make sense on a virtual drive (which this seems to be)?

Regards, me.

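Added here as an editorial example, not part of the thread and not a Kaspersky tool: a small Python triage helper for TDSSKiller text logs in the layout posted above. It pairs each `[ MD5 ] name  path` entry with the verdict line(s) that follow it, pulls out everything not rated "ok", and lists images registered under more than one service name; the embedded sample is a constructed excerpt of the posted log.

```python
"""Triage helper for TDSSKiller text logs (added example, not part of the
thread and not a Kaspersky tool).  It pairs each '[ MD5 ] name  path' entry
with the verdict line(s) that follow it, so the few non-'ok' items are easy
to pull out of a log that is mostly noise."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Entry line:   "<time> <pid>  [ <MD5> ] <service name>    <image path>"
# Service names may contain spaces, so the path anchor (drive letter or
# \Device\) decides where the name ends.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*?)\s*$"
)
# Verdict line: "<time> <pid>  <service name> [( <signature> )] - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<sig>[^()]*?)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$"
)
COUNT_RE = re.compile(r"detected object count:\s*(\d+)", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdicts: List[str] = field(default_factory=list)
    signature: Optional[str] = None

    @property
    def clean(self) -> bool:
        """True only when the scanner said 'ok' and nothing else."""
        return self.verdicts == ["ok"]


def parse_tdsskiller(text: str) -> Tuple[List[Entry], Optional[int]]:
    """Return the service/driver entries in log order plus the declared
    'Detected object count' (None if the log has no summary).  Global, MBR
    and VBR lines carry no service name and are deliberately not entries."""
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    declared: Optional[int] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"].upper(), m["path"])
            entries[e.name] = e
            order.append(e.name)
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in entries:      # verdicts for unknown names are ignored
            e = entries[m["name"]]
            e.verdicts.append(m["verdict"])
            if m["sig"]:
                e.signature = m["sig"]
            continue
        m = COUNT_RE.search(line)
        if m:
            declared = int(m.group(1))
    return [entries[n] for n in order], declared


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not simply rate 'ok' (warnings, detections,
    user actions).  UnsignedFile.Multi.Generic means 'no valid signature',
    a prompt to check vendor and path, not a malware verdict by itself."""
    return [e for e in entries if not e.clean]


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """MD5 -> service names for images registered under more than one name.
    Expected for Windows' own images (lsass.exe hosts SamSs and VaultSvc);
    worth a second look if a third-party hash turns up under a system name."""
    by_md5: Dict[str, List[str]] = {}
    for e in entries:
        by_md5.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


# Constructed excerpt of the log posted above (a handful of lines, same format).
SAMPLE_LOG = r"""
13:56:39.0820 2976  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
13:56:39.0960 2976  RemoteAccess - ok
13:56:41.0052 2976  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
13:56:41.0115 2976  SamSs - ok
13:56:52.0253 2976  [ B7A165DDC6B2C8ACCFD5986933940285 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe
13:56:52.0300 2976  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
13:56:52.0300 2976  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
13:56:54.0437 2976  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
13:56:54.0499 2976  VaultSvc - ok
13:57:03.0563 2976  ================ Scan global ===============================
13:57:03.0625 2976  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
13:57:04.0390 4456  Detected object count: 4
13:57:19.0709 4456  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    found, declared = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} entries parsed, scanner declared {declared} detections")
    for e in flagged(found):
        print(f"  {e.name}: {', '.join(e.verdicts)} [{e.signature}] -> {e.path}")
    for md5, names in shared_images(found).items():
        print(f"  image {md5} registered as {', '.join(names)}")
```

Run against the full log, the four flagged items are the four the scanner reports, all unsigned vendor services (ASUS, HP, ZTE), which matches cosinus's reading of the log as unremarkable.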

Old 11.02.2013, 14:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GMER reports "hidden rootkit activity" & computer slow



Everything is fairly unremarkable so far. I don't yet know why GMER thinks something is hidden there, but drive Q is that Office thing from MS....

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick Scan all users at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Old 11.02.2013, 16:18   #7
help me
 
GMER reports "hidden rootkit activity" & computer slow



Hi Cosinus,

yes, that's somehow the downside of preinstalled Windows, you suddenly find lots of programs you don't know (and often don't need) - when I click on Q I don't get access either, the drive is "protected". So far I hadn't felt confident enough to simply reinstall Windows so that everything really works afterwards (see hardware drivers etc.).

AdwCleaner ran without problems, but I had to restart once. I cleverly did "Search" first and then "Delete" (those who can read have a clear advantage), so there are 2 log files.

Search:
Code:
# AdwCleaner v2.112 - Datei am 11/02/2013 um 14:52:27 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : ... - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\...\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\88ttsqn5.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [868 octets] - [11/02/2013 14:52:27]

########## EOF - C:\AdwCleaner[R1].txt - [927 octets] ##########
         
Delete:
Code:
# AdwCleaner v2.112 - Datei am 11/02/2013 um 14:53:39 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : ... - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\...\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\...\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\88ttsqn5.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [995 octets] - [11/02/2013 14:52:27]
AdwCleaner[S1].txt - [929 octets] - [11/02/2013 14:53:39]

########## EOF - C:\AdwCleaner[S1].txt - [988 octets] ##########
         
Then it was OTL's turn with the settings described. Here is the log file:

OTL.txt
Code:
OTL logfile created on: 2/11/2013 3:06:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 203.35 Mb Available Physical Memory | 20.05% Memory free
2.99 Gb Paging File | 1.95 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.20 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.03 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\ZTE Join Air\AssistantServices.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UI Assistant Service) -- C:\Program Files\ZTE Join Air\AssistantServices.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\zteusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (w800bus) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013/01/29 20:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/11/09 16:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2013/01/31 22:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions
[2012/10/16 16:44:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/05/19 09:20:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013/01/22 19:46:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\firefox@ghostery.com
[2013/01/31 10:36:39 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/31 22:54:06 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/06 22:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/29 20:09:28 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013/02/06 22:16:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1F17EB-9944-41B8-B902-3562B5878363}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF68EEF1-8832-40C0-A48F-CD51ED10B0FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030/01/01 22:36:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/02/11 12:58:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2013/02/11 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\mbar-1.01.0.1020
[2013/02/09 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Logs
[2013/02/08 17:16:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:10:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMAPI32.OCX
[2013/02/08 17:03:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCOMCT2.OCX
[2013/02/08 17:03:35 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCMCDE.DLL
[2013/02/08 17:03:35 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL
[2013/02/08 17:03:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCC2DE.DLL
[2013/02/08 17:03:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPIDE.DLL
[2013/02/08 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/02/06 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/05 16:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/05 16:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/29 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/29 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/01/29 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Secunia PSI
[2013/01/29 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/01/29 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2013/01/29 13:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/29 13:21:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/29 13:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Programs
[2013/01/29 12:59:20 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/01/29 12:56:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/29 12:56:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rdpvideominiport.sys
[2013/01/29 12:56:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/29 12:56:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RdpGroupPolicyExtension.dll
[2013/01/29 12:56:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2013/01/29 12:56:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsRdpWebAccess.dll
[2013/01/29 12:56:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013/01/29 12:56:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2013/01/29 12:56:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprtPS.dll
[2013/01/29 12:56:16 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2013/01/29 12:56:16 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2013/01/29 12:56:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpudd.dll
[2013/01/29 12:56:16 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpendp_winip.dll
[2013/01/29 12:56:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWbPrxy.exe
[2013/01/29 12:56:14 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorets.dll
[2013/01/29 12:51:16 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2013/01/29 12:51:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2013/01/29 12:49:54 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2013/01/29 12:49:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2013/01/29 12:49:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2013/01/29 12:44:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2013/01/29 12:44:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2013/01/29 12:44:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2013/01/29 12:44:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2013/01/29 12:43:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2013/01/29 12:43:46 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OxpsConverter.exe
[2013/01/29 12:43:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2013/01/29 12:43:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs
[2013/01/29 12:43:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs
[2013/01/29 12:43:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs
[2013/01/29 12:43:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs
[2013/01/29 12:43:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs
[2013/01/29 12:43:25 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2013/01/29 12:43:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll
[2013/01/29 12:43:25 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs
[2013/01/29 12:43:25 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs
[2013/01/29 12:43:25 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs
[2013/01/29 12:43:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs
[2013/01/29 12:43:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs
[2013/01/29 12:43:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs
[2013/01/29 12:43:23 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs
[2013/01/29 12:43:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs
[2013/01/29 12:43:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs
[2013/01/29 12:42:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2013/01/29 12:42:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2013/01/29 12:42:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2013/01/29 12:42:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013/01/29 12:41:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/29 12:41:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/29 12:41:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/29 12:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/29 12:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/29 12:41:04 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2013/01/29 12:38:06 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/01/24 14:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/01/21 14:10:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/01/21 14:10:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/01/21 14:07:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/01/21 14:07:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/01/21 14:07:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/01/21 14:07:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/01/21 14:07:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/01/21 14:07:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/01/21 14:07:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/01/21 14:07:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/01/21 13:58:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/01/21 13:57:41 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2013/01/21 13:56:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2013/01/21 13:55:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2013/01/21 13:53:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/11 15:03:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 15:03:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 14:56:28 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/02/11 14:55:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/11 14:55:40 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 14:47:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 14:41:11 | 000,587,659 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/11 13:20:30 | 135,199,968 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/02/11 13:01:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/11 12:59:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2013/02/11 11:51:45 | 013,711,621 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 01:31:51 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2013/02/08 17:12:16 | 000,365,568 | ---- | M] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 16:47:58 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/02/08 16:47:58 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/02/05 18:08:14 | 000,644,310 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/05 18:08:14 | 000,607,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/05 18:08:14 | 000,126,580 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/05 18:08:14 | 000,103,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/05 16:25:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/05 13:30:54 | 000,002,286 | -H-- | M] () -- D:\...\Eigene Dokumente\Default.rdp
[2013/01/29 19:48:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:08 | 000,000,932 | ---- | M] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:40:33 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013/01/29 16:32:03 | 000,001,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 14:40:17 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\windows\System32\+npDeployJava1.dll
[2013/01/29 14:40:17 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013/01/29 13:21:46 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 13:06:40 | 000,272,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/24 14:59:16 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2030/01/01 22:36:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/02/11 13:20:30 | 135,199,968 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/02/11 11:49:57 | 013,711,621 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 01:31:29 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2013/02/08 17:19:52 | 000,587,659 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:12:10 | 000,365,568 | ---- | C] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 17:03:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2013/02/05 16:25:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 19:48:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:07 | 000,000,932 | ---- | C] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:42:41 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 16:32:03 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 16:32:03 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 12:51:22 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/29 12:49:51 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 14:59:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/24 14:59:16 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/03/30 18:13:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/30 18:13:10 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/01/19 19:48:26 | 000,061,678 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JPR.{PB
[2012/01/19 19:48:26 | 000,012,358 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JCM.{PB
[2011/12/14 10:48:47 | 000,065,536 | ---- | C] () -- C:\windows\System32\HPPLVS.dll
[2011/12/13 00:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/07 16:23:31 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 2/11/2013 3:06:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 203.35 Mb Available Physical Memory | 20.05% Memory free
2.99 Gb Paging File | 1.95 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.20 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.03 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03386B1F-803A-4186-8DA4-D323B4071C9E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{14A6C1E0-851E-4969-8896-F9441085CF6B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{205CE3F2-78DF-4DA9-8B46-609A5118BE24}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3DD939B7-AAB7-483E-95D7-6F9BDF2BB99A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4A6065F1-83C8-439B-BD83-70D2F82CB5C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C4CDE39-CBA8-4F93-838D-2580F67AB958}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{57369344-79A8-4092-A134-192392D9BCB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6B28C47A-0ED4-4307-BBFC-448C13181989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FE02CD4-B385-4CD8-85CD-7DE53C93BEB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93EF180A-DC0C-4C4B-B3E9-E79B0DEA3649}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF78E807-09D9-490A-BEDB-239192A3CE47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C164C7A6-7062-494A-ABE7-95A9FBC3D231}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CB34B017-5E1C-45A4-9040-36CDF7F601FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEB0A60B-5A38-4AF5-9BF8-A5DA11A05BF3}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1171A6D4-B8ED-4768-9E63-1879953FCAEE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"{286DC0BC-9132-4FB2-A61C-881DFE9BC8D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{391A479A-30B5-4C56-9C20-793828867B9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5BEACA52-A999-40E9-B412-B3321D83D6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6208F3D2-72B6-4990-B6F6-0D807A9C6F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A80E8CDB-97AC-4F17-9F03-52CB09ECF51F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC3252B4-E1F6-4A61-ADB3-8D2FD16877B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"TCP Query User{03FCA698-A1F5-4494-B668-728880C2E613}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"TCP Query User{77038D20-2671-4CCC-B213-A7DE7F183F1D}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"UDP Query User{AC10CA33-B936-4CE0-921B-AB47D8859A28}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
"UDP Query User{D8B7EA4E-8324-4870-8EDD-16F508C435B3}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Edraw Mind Map_is1" = Edraw Mind Map V4
"Eee Docking_is1" = Eee Docking 3.7.0
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.6
"VLC media player" = VLC media player 2.0.5
"VoipDiscount_is1" = VoipDiscount
"Watermark Image_is1" = Watermark Image software version 2.1.4.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/21/2012 6:24:58 AM | Computer Name = Netbook | Source = Application Hang | ID = 1002
Description = Programm PDFCreator.exe, Version 1.2.0.3 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 160c    Startzeit:
 01cd97e306c78209    Endzeit: 78    Anwendungspfad: C:\Program Files\PDFCreator\PDFCreator.exe

Berichts-ID:
 8bb9a07f-03d6-11e2-914d-20cf3057c295  
 
Error - 9/21/2012 11:02:10 AM | Computer Name = Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.1.3.1201,
 Zeitstempel: 0x4ed6f47d  Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.7601.17514,
 Zeitstempel: 0x4ce7b71c  Ausnahmecode: 0xc0000409  Fehleroffset: 0x000ab772  ID des fehlerhaften
 Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cd9809f0b6161f  Pfad der
 fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
Pfad
 des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
Berichtskennung:
 50d7231b-03fd-11e2-914d-20cf3057c295
 
Error - 10/17/2012 6:33:11 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 10/24/2012 9:44:35 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Die Aktion kann nicht abgeschlossen werden. Versuchen
 Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
 
Error - 10/25/2012 8:13:41 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 11/24/2012 9:10:46 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/26/2012 7:40:28 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 11/27/2012 4:57:33 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/28/2012 3:59:09 PM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 11/29/2012 9:51:47 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Die Aktion kann nicht abgeschlossen werden. Versuchen
 Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
 
[ System Events ]
Error - 2/10/2013 11:50:40 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 2/10/2013 11:51:14 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 2/10/2013 11:51:15 AM | Computer Name = Netbook | Source = DCOM | ID = 10005
Description = 
 
Error - 2/10/2013 11:51:15 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 2/10/2013 6:13:59 PM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 2/11/2013 4:37:00 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 2/11/2013 8:21:03 AM | Computer Name = Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?02.?2013 um 13:19:17 unerwartet heruntergefahren.
 
Error - 2/11/2013 8:21:03 AM | Computer Name = NETBOOK | Source = BugCheck | ID = 1001
Description = 
 
Error - 2/11/2013 8:21:43 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 2/11/2013 9:56:51 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
Regards, me.

Old 11.02.2013, 23:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Windows preinstalled by the manufacturer is often messed up with all sorts of bundled extras.
But there is a remedy for that if you want => http://www.trojaner-board.de/100776-...tml#post676887
__________________
Please always post logfiles in CODE tags

Old 12.02.2013, 14:05   #9
help me
 

Hi Cosinus,

thank you very much for the link to the guide! I think I'll do that as well (the ISO download is already running); my netbook will probably be faster again then, too. I just need to check whether I have all the drivers and which manufacturer tools I'm better off without (they are listed alongside the driver downloads).

Do you actually have to do a BIOS update before installing Win7? Since everything has worked fine with the BIOS so far, I'd rather skip it (especially since I just found a post where someone fried his chip with a BIOS update).

OK, but otherwise the netbook is fine, right? I just wanted to make sure I don't mess up the fresh Vista installation on the PC right away by upgrading it from the netbook and infecting it in the process.

Many thanks in advance for your patient help!

Regards, me.

Old 12.02.2013, 14:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Do you actually have to do a BIOS update before installing Win7?
No, what makes you think that? That is only necessary in the rarest of cases, e.g. when the old BIOS can't cope with Win7, but as I said, those are rather the exceptions
__________________
Please always post logfiles in CODE tags

Old 12.02.2013, 15:50   #11
help me
 

Hi Cosinus!

Quote:
No, what makes you think that?
On the ASUS driver page, a BIOS update and a BIOS update tool are listed for my netbook model as well, and I have no idea what I'll need afterwards.

I find the whole thing a bit confusing anyway; the most practical thing would be a driver export function from the current installation, since the current drivers all work!

Thank you very much!

Regards, me.

Old 12.02.2013, 15:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

BIOS updates are generally only recommended when you really have problems.
And it is really not intended for laypeople like Grandma Lieschen to just go and reflash the BIOS on a whim
__________________
Please always post logfiles in CODE tags

Old 12.02.2013, 16:18   #13
help me
 

Hi Cosinus,

thanks for the explanation! I wouldn't have updated the BIOS on my own anyway, don't worry!
Another reason why I asked comes to mind: in an Asus guide for the Windows 7 self-upgrade (the only Asus guide I found at all regarding the order in which to install the drivers), it said that when upgrading from Win XP to Win 7 you should update the BIOS via ASUS Update.

Regards, me.

Old 12.02.2013, 16:47   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Which Asus board exactly do you have?
__________________
Please always post logfiles in CODE tags

Old 12.02.2013, 17:19   #15
help me
 

Hi Cosinus,

if I looked it up correctly, it is probably the Asus 1005PX (does that sound right?).

Regards, me.
