
Vista: Laptop keeps getting slower and crashes constantly

06.03.2013, 19:06   #1
mephisto315
 



Hello,
Since you already helped me so wonderfully at the beginning of the year, this time I'm turning to you straight away with full confidence. I just hope I've ended up in the right subforum...

The problem is as follows: About 2 weeks ago a spam mail was sent via my parents' GMX mail account; I then took their laptop in order to bring it up to date and specifically to check it for viruses.
Unfortunately, Anti-Malware, Super-Anti-Spy, spybot, etc. could not find anything (decisive). While doing so, however, the machine crashed very frequently, which did not improve even after installing all updates, including via Secunia PSI. In addition, the system load is excessively high.
The crashes happened during virus scans, defragmentation runs, updates, etc.

In addition, I get Windows messages saying that various hosts or programs were terminated and that I can search online for a solution.

My questions are now the following:
*Is this a hardware or a software (i.e. virus) problem?
*How can I proceed from here?

Many thanks in advance for your help!

06.03.2013, 22:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make my analysis harder!

  • The logs of the assigned tools such as Malwarebytes must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top center next to Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

07.03.2013, 21:29   #3
mephisto315
 



Hello,
many thanks for the quick reply.

After several crashes during the OTL scan (bluescreen or freeze), I was finally able to complete the scan on the umpteenth attempt.
Here is the content of OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 07.03.2013 22:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,81% Memory free
4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 59,05 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive D: | 46,10 Gb Total Space | 28,74 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-U-UND-W | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{2AD13F47-28C0-45AF-B074-89752EA6494A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=2813AAB2-915E-42B3-94D8-F4EDF50ED300&apn_sauid=452548AC-2F70-468D-8393-C8CBABA03723
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 15:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.01.27 19:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.27 15:29:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O7 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD79E272-0764-4608-BD94-A280E33E4FD3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.07 21:56:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.03.05 22:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.03.05 22:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.03.05 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help
[2013.03.05 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\WindowsUpdate
[2013.03.05 21:40:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2013.03.05 21:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.05 21:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.05 21:39:33 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 21:39:33 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.05 21:39:33 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.03.05 21:39:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 21:39:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 21:39:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 21:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.03 09:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.03.03 09:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013.03.03 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Anti-Malware
[2013.03.03 08:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.03 08:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.03 08:45:08 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.03.03 08:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.03 08:39:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2013.02.27 15:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.27 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.22 17:11:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.22 17:11:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.22 17:11:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.22 17:11:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.22 17:11:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.22 17:11:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.22 17:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.22 17:11:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.21 16:09:02 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.21 16:08:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.21 16:08:36 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.21 16:08:36 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.07 13:15:22 | 000,016,024 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf_x86.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.07 22:22:45 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.07 22:22:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 22:22:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.07 22:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.07 22:22:25 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 22:08:05 | 315,103,808 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.07 22:04:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.07 21:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.03.05 22:22:14 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.05 22:09:25 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.05 21:39:36 | 000,000,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.05 21:38:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 21:38:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 21:38:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 21:38:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 21:38:25 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 21:38:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.05 19:02:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.05 19:02:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.05 19:02:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.05 19:02:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.04 16:29:32 | 000,015,948 | ---- | M] () -- C:\Users\Admin\Documents\cc_20130304_162836.reg
[2013.03.03 09:36:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.03 09:27:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.03.03 08:45:16 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.28 09:04:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.28 09:04:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.07 13:15:22 | 000,016,024 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf_x86.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.06 18:19:15 | 315,103,808 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.05 22:09:25 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.05 21:39:36 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.05 21:39:35 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.03.04 16:28:43 | 000,015,948 | ---- | C] () -- C:\Users\Admin\Documents\cc_20130304_162836.reg
[2013.03.03 09:27:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.03.03 08:45:29 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.03 08:45:27 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.03 08:45:16 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.03 08:45:16 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.03.24 16:04:56 | 000,109,721 | ---- | C] () -- C:\Users\Admin\ESt2011_SCHULZ_WERNER_und_SCHULZ_URSULA.elfo
[2008.10.23 07:16:23 | 000,002,630 | ---- | C] () -- \pi_adler.csv
[2008.07.11 14:34:36 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.07.11 05:12:08 | 2137,448,448 | -HS- | C] () -- \hiberfil.sys
[2008.07.10 07:34:35 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


And here is the content of Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 07.03.2013 22:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,81% Memory free
4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 59,05 Gb Free Space | 62,71% Space Free | Partition Type: NTFS
Drive D: | 46,10 Gb Total Space | 28,74 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-U-UND-W | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D6E4EDD-B68D-493C-93E7-62496B31DACD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1F8D32C7-F30F-4BC1-82ED-8E0B2928F8D2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{37F8D196-A875-43FA-B718-B39452D2B4D6}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{3DA6BDF2-6BB8-4542-AB44-19BCAFF17546}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"TCP Query User{6E21E511-AED3-4DB1-A2E1-2248F80923CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{07EB713E-1C28-4E75-A6D4-5B62DC2AE3DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---


Thanks & regards

Last edited by mephisto315 (07.03.2013 at 21:39)

Alt 08.03.2013, 09:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER (<<< click for instructions) and MBAR (instructions a little further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 08.03.2013, 12:02   #5
mephisto315
 

Hello,

here is the log from GMER:
[code]
GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-08 12:41:27
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0 149,05GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kglcraob.sys


---- User code sections - GMER 2.1 ----

.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtCreateFile                              77A04244 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtCreateFile + 4                          77A04248 2 Bytes  [82, 71]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtDeleteValueKey                          77A04664 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtDeleteValueKey + 4                      77A04668 2 Bytes  [88, 71]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtOpenFile                                77A04A24 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtOpenFile + 4                            77A04A28 2 Bytes  [7F, 71] {JG 0x73}
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtOpenProcess                             77A04AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtOpenProcess + 4                         77A04AA8 2 Bytes  [85, 71]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtSetContextThread                        77A05094 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtSetContextThread + 4                    77A05098 2 Bytes  [7C, 71] {JL 0x73}
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtSetValueKey                             77A052C4 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ntdll.dll!NtSetValueKey + 4                         77A052C8 2 Bytes  [8B, 71]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] kernel32.dll!LoadLibraryExW + 173                   770E93DF 4 Bytes  JMP 71AF000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!PostMessageA                             775FF8F8 6 Bytes  JMP 7198000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!SendMessageA                             775FF956 6 Bytes  JMP 719E000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!PostMessageW                             7760A175 6 Bytes  JMP 7195000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!SendMessageW                             77610AED 6 Bytes  JMP 719B000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!mouse_event                              7762044E 6 Bytes  JMP 71AB000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!SendInput                                77622F75 3 Bytes  [FF, 25, 1E]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!SendInput + 4                            77622F79 2 Bytes  [A0, 71]
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] USER32.dll!keybd_event                              7764D972 6 Bytes  JMP 71A8000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ADVAPI32.dll!CreateServiceW                         776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] ADVAPI32.dll!CreateServiceA                         777172A1 5 Bytes  JMP 7192000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] WS2_32.dll!connect                                  779440D9 6 Bytes  JMP 717A000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] WS2_32.dll!WSALookupServiceBeginW                   77944E93 6 Bytes  JMP 7174000A 
.text           C:\Users\Admin\Desktop\gmer_2.1.19155.exe[1920] WS2_32.dll!listen                                   77948CD7 6 Bytes  JMP 7177000A 
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtCreateFile                                            77A04244 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtCreateFile + 4                                        77A04248 2 Bytes  [82, 71]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtDeleteValueKey                                        77A04664 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtDeleteValueKey + 4                                    77A04668 2 Bytes  [88, 71]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtOpenFile                                              77A04A24 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtOpenFile + 4                                          77A04A28 2 Bytes  [7F, 71] {JG 0x73}
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtOpenProcess                                           77A04AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtOpenProcess + 4                                       77A04AA8 2 Bytes  [85, 71]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtSetContextThread                                      77A05094 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtSetContextThread + 4                                  77A05098 2 Bytes  [7C, 71] {JL 0x73}
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtSetValueKey                                           77A052C4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] ntdll.dll!NtSetValueKey + 4                                       77A052C8 2 Bytes  [8B, 71]
.text           C:\Windows\system32\Dwm.exe[2052] kernel32.dll!LoadLibraryExW + 173                                 770E93DF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\system32\Dwm.exe[2052] ADVAPI32.dll!CreateServiceW                                       776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Windows\system32\Dwm.exe[2052] ADVAPI32.dll!CreateServiceA                                       777172A1 5 Bytes  JMP 7192000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!PostMessageA                                           775FF8F8 6 Bytes  JMP 7198000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!SendMessageA                                           775FF956 6 Bytes  JMP 719E000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!PostMessageW                                           7760A175 6 Bytes  JMP 7195000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!SendMessageW                                           77610AED 6 Bytes  JMP 719B000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!mouse_event                                            7762044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!SendInput                                              77622F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!SendInput + 4                                          77622F79 2 Bytes  [A0, 71]
.text           C:\Windows\system32\Dwm.exe[2052] USER32.dll!keybd_event                                            7764D972 6 Bytes  JMP 71A8000A 
.text           C:\Windows\system32\Dwm.exe[2052] WS2_32.dll!connect                                                779440D9 6 Bytes  JMP 717A000A 
.text           C:\Windows\system32\Dwm.exe[2052] WS2_32.dll!WSALookupServiceBeginW                                 77944E93 6 Bytes  JMP 7174000A 
.text           C:\Windows\system32\Dwm.exe[2052] WS2_32.dll!listen                                                 77948CD7 6 Bytes  JMP 7177000A 
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtCreateFile                                        77A04244 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtCreateFile + 4                                    77A04248 2 Bytes  [82, 71]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtDeleteValueKey                                    77A04664 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtDeleteValueKey + 4                                77A04668 2 Bytes  [88, 71]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtOpenFile                                          77A04A24 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtOpenFile + 4                                      77A04A28 2 Bytes  [7F, 71] {JG 0x73}
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtOpenProcess                                       77A04AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtOpenProcess + 4                                   77A04AA8 2 Bytes  [85, 71]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtSetContextThread                                  77A05094 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtSetContextThread + 4                              77A05098 2 Bytes  [7C, 71] {JL 0x73}
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtSetValueKey                                       77A052C4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] ntdll.dll!NtSetValueKey + 4                                   77A052C8 2 Bytes  [8B, 71]
.text           C:\Windows\system32\taskeng.exe[2100] kernel32.dll!LoadLibraryExW + 173                             770E93DF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\system32\taskeng.exe[2100] ADVAPI32.dll!CreateServiceW                                   776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Windows\system32\taskeng.exe[2100] ADVAPI32.dll!CreateServiceA                                   777172A1 5 Bytes  JMP 7192000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!PostMessageA                                       775FF8F8 6 Bytes  JMP 7198000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!SendMessageA                                       775FF956 6 Bytes  JMP 719E000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!PostMessageW                                       7760A175 6 Bytes  JMP 7195000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!SendMessageW                                       77610AED 6 Bytes  JMP 719B000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!mouse_event                                        7762044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!SendInput                                          77622F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!SendInput + 4                                      77622F79 2 Bytes  [A0, 71]
.text           C:\Windows\system32\taskeng.exe[2100] USER32.dll!keybd_event                                        7764D972 6 Bytes  JMP 71A8000A 
.text           C:\Windows\system32\taskeng.exe[2100] WS2_32.dll!connect                                            779440D9 6 Bytes  JMP 717A000A 
.text           C:\Windows\system32\taskeng.exe[2100] WS2_32.dll!WSALookupServiceBeginW                             77944E93 6 Bytes  JMP 7174000A 
.text           C:\Windows\system32\taskeng.exe[2100] WS2_32.dll!listen                                             77948CD7 6 Bytes  JMP 7177000A 
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtCreateFile                                                77A04244 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtCreateFile + 4                                            77A04248 2 Bytes  [82, 71]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtDeleteValueKey                                            77A04664 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtDeleteValueKey + 4                                        77A04668 2 Bytes  [88, 71]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtOpenFile                                                  77A04A24 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtOpenFile + 4                                              77A04A28 2 Bytes  [7F, 71] {JG 0x73}
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtOpenProcess                                               77A04AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtOpenProcess + 4                                           77A04AA8 2 Bytes  [85, 71]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtSetContextThread                                          77A05094 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtSetContextThread + 4                                      77A05098 2 Bytes  [7C, 71] {JL 0x73}
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtSetValueKey                                               77A052C4 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] ntdll.dll!NtSetValueKey + 4                                           77A052C8 2 Bytes  [8B, 71]
.text           C:\Windows\Explorer.EXE[2164] kernel32.dll!LoadLibraryExW + 173                                     770E93DF 4 Bytes  JMP 71AF000A 
.text           C:\Windows\Explorer.EXE[2164] ADVAPI32.dll!CreateServiceW                                           776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Windows\Explorer.EXE[2164] ADVAPI32.dll!CreateServiceA                                           777172A1 5 Bytes  JMP 7192000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!PostMessageA                                               775FF8F8 6 Bytes  JMP 7198000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!SendMessageA                                               775FF956 6 Bytes  JMP 719E000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!PostMessageW                                               7760A175 6 Bytes  JMP 7195000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!SendMessageW                                               77610AED 6 Bytes  JMP 719B000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!mouse_event                                                7762044E 6 Bytes  JMP 71AB000A 
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!SendInput                                                  77622F75 3 Bytes  [FF, 25, 1E]
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!SendInput + 4                                              77622F79 2 Bytes  [A0, 71]
.text           C:\Windows\Explorer.EXE[2164] USER32.dll!keybd_event                                                7764D972 6 Bytes  JMP 71A8000A 
.text           C:\Windows\Explorer.EXE[2164] WS2_32.dll!connect                                                    779440D9 6 Bytes  JMP 717A000A 
.text           C:\Windows\Explorer.EXE[2164] WS2_32.dll!WSALookupServiceBeginW                                     77944E93 6 Bytes  JMP 7174000A 
.text           C:\Windows\Explorer.EXE[2164] WS2_32.dll!listen                                                     77948CD7 6 Bytes  JMP 7177000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtCreateFile                          77A04244 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtCreateFile + 4                      77A04248 2 Bytes  [82, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtDeleteValueKey                      77A04664 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtDeleteValueKey + 4                  77A04668 2 Bytes  [88, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtOpenFile                            77A04A24 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtOpenFile + 4                        77A04A28 2 Bytes  [7F, 71] {JG 0x73}
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtOpenProcess                         77A04AA4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtOpenProcess + 4                     77A04AA8 2 Bytes  [85, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtSetContextThread                    77A05094 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtSetContextThread + 4                77A05098 2 Bytes  [7C, 71] {JL 0x73}
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtSetValueKey                         77A052C4 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ntdll.dll!NtSetValueKey + 4                     77A052C8 2 Bytes  [8B, 71]
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] kernel32.dll!LoadLibraryExW + 173               770E93DF 4 Bytes  JMP 71AF000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ADVAPI32.dll!CreateServiceW                     776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] ADVAPI32.dll!CreateServiceA                     777172A1 5 Bytes  JMP 7192000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] USER32.dll!PostMessageA                         775FF8F8 6 Bytes  JMP 7198000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2476] USER32.dll!SendMessageA                         775FF956 6 Bytes  JMP 719E000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!PostMessageW                         7760A175 6 Bytes  JMP 7195000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SendMessageW                         77610AED 6 Bytes  JMP 719B000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!mouse_event                          7762044E 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SendInput                            77622F75 3 Bytes  [FF, 25, 1E]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SendInput + 4                        77622F79 2 Bytes  [A0, 71]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!keybd_event                          7764D972 6 Bytes  JMP 71A8000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!CreateServiceW                     776D9EB4 6 Bytes  JMP 718F000A 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!CreateServiceA                     777172A1 5 Bytes  JMP 7192000A 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                         5

---- EOF - GMER 2.1 ----
         
--- --- ---


Running MBAR found nothing, so no cleanup was necessary; when I closed the program I immediately had another crash (bluescreen). I'll post the log here anyway:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.08.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: LAPTOP-U-UND-W [administrator]

08.03.2013 12:53:51
mbar-log-2013-03-08 (12-53-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27526
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Regards


Alt 08.03.2013, 12:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 08.03.2013, 14:12   #7
mephisto315
 
Hello,

Here is the log from ASWMBR (it crashed once):
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 14:57:56
-----------------------------
14:57:56.758    OS Version: Windows 6.0.6002 Service Pack 2
14:57:56.758    Number of processors: 2 586 0xF0D
14:57:56.758    ComputerName: LAPTOP-U-UND-W  UserName: Admin
14:57:58.973    Initialize success
14:58:18.068    AVAST engine defs: 13030800
14:58:22.077    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:58:22.077    Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
14:58:22.093    Disk 0 MBR read successfully
14:58:22.093    Disk 0 MBR scan
14:58:22.124    Disk 0 Windows VISTA default MBR code
14:58:22.139    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9000 MB offset 2048
14:58:22.155    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        96419 MB offset 18434048
14:58:22.342    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        47206 MB offset 215900160
14:58:22.358    Disk 0 scanning sectors +312579760
14:58:23.341    Disk 0 scanning C:\Windows\system32\drivers
14:58:40.828    Service scanning
14:59:06.943    Modules scanning
14:59:30.483    Disk 0 trace - called modules:
14:59:30.530    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys 
14:59:30.530    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x899f9828]
14:59:30.545    3 CLASSPNP.SYS[8b9ab8b3] -> nt!IofCallDriver -> [0x87c68640]
14:59:30.545    5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87c6e028]
14:59:31.513    AVAST engine scan C:\Windows
14:59:35.459    AVAST engine scan C:\Windows\system32
15:03:06.387    AVAST engine scan C:\Windows\system32\drivers
15:03:20.692    AVAST engine scan C:\Users\Admin
15:03:54.029    AVAST engine scan C:\ProgramData
15:04:36.040    Scan finished successfully
15:04:49.721    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
15:04:49.721    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
         
and from tdsskiller:
Code:
15:05:28.0507 4020  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:05:29.0958 4020  ============================================================
15:05:29.0958 4020  Current date / time: 2013/03/08 15:05:29.0958
15:05:29.0958 4020  SystemInfo:
15:05:29.0958 4020  
15:05:29.0958 4020  OS Version: 6.0.6002 ServicePack: 2.0
15:05:29.0958 4020  Product type: Workstation
15:05:29.0958 4020  ComputerName: LAPTOP-U-UND-W
15:05:29.0958 4020  UserName: Admin
15:05:29.0958 4020  Windows directory: C:\Windows
15:05:29.0958 4020  System windows directory: C:\Windows
15:05:29.0958 4020  Processor architecture: Intel x86
15:05:29.0958 4020  Number of processors: 2
15:05:29.0958 4020  Page size: 0x1000
15:05:29.0958 4020  Boot type: Normal boot
15:05:29.0958 4020  ============================================================
15:05:31.0564 4020  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:05:31.0580 4020  ============================================================
15:05:31.0580 4020  \Device\Harddisk0\DR0:
15:05:31.0580 4020  MBR partitions:
15:05:31.0580 4020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xBC51800
15:05:31.0580 4020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCDE6000, BlocksNum 0x5C336B0
15:05:31.0580 4020  ============================================================
15:05:31.0658 4020  C: <-> \Device\Harddisk0\DR0\Partition1
15:05:32.0422 4020  D: <-> \Device\Harddisk0\DR0\Partition2
15:05:32.0422 4020  ============================================================
15:05:32.0422 4020  Initialize success
15:05:32.0422 4020  ============================================================
15:05:58.0786 3940  ============================================================
15:05:58.0786 3940  Scan started
15:05:58.0786 3940  Mode: Manual; SigCheck; TDLFS; 
15:05:58.0786 3940  ============================================================
15:05:59.0504 3940  ================ Scan system memory ========================
15:05:59.0504 3940  System memory - ok
15:05:59.0520 3940  ================ Scan services =============================
15:05:59.0644 3940  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc           C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
15:05:59.0738 3940  a2acc - ok
15:05:59.0863 3940  [ 521C7DB6FA2B4DC01610B7A7D741F2BB ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
15:06:00.0066 3940  a2AntiMalware - ok
15:06:00.0097 3940  [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA           C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
15:06:00.0112 3940  A2DDA - ok
15:06:00.0159 3940  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
15:06:00.0175 3940  a2injectiondriver - ok
15:06:00.0222 3940  [ 2DA26EB05B5495D3B2EE36456C239FB7 ] a2util          C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
15:06:00.0222 3940  a2util - ok
15:06:00.0393 3940  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:06:00.0409 3940  ACPI - ok
15:06:00.0502 3940  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:06:00.0518 3940  AdobeARMservice - ok
15:06:00.0612 3940  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:06:00.0627 3940  AdobeFlashPlayerUpdateSvc - ok
15:06:00.0690 3940  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:06:00.0721 3940  adp94xx - ok
15:06:00.0752 3940  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:06:00.0783 3940  adpahci - ok
15:06:00.0799 3940  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:06:00.0814 3940  adpu160m - ok
15:06:00.0846 3940  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:06:00.0861 3940  adpu320 - ok
15:06:00.0924 3940  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:06:01.0017 3940  AeLookupSvc - ok
15:06:01.0080 3940  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:06:01.0142 3940  AFD - ok
15:06:01.0173 3940  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:06:01.0189 3940  agp440 - ok
15:06:01.0236 3940  [ 0DEE2B628D4C6E23285BB91EFFDABFDE ] ahcix86s        C:\Windows\system32\drivers\ahcix86s.sys
15:06:01.0267 3940  ahcix86s - ok
15:06:01.0314 3940  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:06:01.0329 3940  aic78xx - ok
15:06:01.0345 3940  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:06:01.0470 3940  ALG - ok
15:06:01.0501 3940  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:06:01.0516 3940  aliide - ok
15:06:01.0532 3940  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:06:01.0548 3940  amdagp - ok
15:06:01.0563 3940  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:06:01.0579 3940  amdide - ok
15:06:01.0594 3940  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:06:01.0657 3940  AmdK7 - ok
15:06:01.0688 3940  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:06:01.0735 3940  AmdK8 - ok
15:06:01.0797 3940  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:06:01.0844 3940  Appinfo - ok
15:06:01.0875 3940  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
15:06:01.0875 3940  arc - ok
15:06:01.0922 3940  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:06:01.0938 3940  arcsas - ok
15:06:01.0984 3940  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:06:02.0047 3940  AsyncMac - ok
15:06:02.0078 3940  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:06:02.0094 3940  atapi - ok
15:06:02.0172 3940  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:06:02.0296 3940  athr - ok
15:06:02.0374 3940  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:06:02.0406 3940  AudioEndpointBuilder - ok
15:06:02.0421 3940  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:06:02.0452 3940  Audiosrv - ok
15:06:02.0515 3940  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:06:02.0562 3940  Beep - ok
15:06:02.0624 3940  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:06:02.0671 3940  BFE - ok
15:06:02.0749 3940  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
15:06:02.0842 3940  BITS - ok
15:06:02.0874 3940  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:06:02.0920 3940  blbdrive - ok
15:06:02.0952 3940  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:06:03.0014 3940  bowser - ok
15:06:03.0045 3940  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:06:03.0092 3940  BrFiltLo - ok
15:06:03.0123 3940  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:06:03.0154 3940  BrFiltUp - ok
15:06:03.0186 3940  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:06:03.0232 3940  Browser - ok
15:06:03.0264 3940  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:06:03.0435 3940  Brserid - ok
15:06:03.0451 3940  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:06:03.0529 3940  BrSerWdm - ok
15:06:03.0544 3940  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:06:03.0622 3940  BrUsbMdm - ok
15:06:03.0654 3940  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:06:03.0716 3940  BrUsbSer - ok
15:06:03.0747 3940  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:06:03.0810 3940  BTHMODEM - ok
15:06:03.0856 3940  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:06:03.0903 3940  cdfs - ok
15:06:03.0966 3940  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:06:03.0997 3940  cdrom - ok
15:06:04.0044 3940  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:06:04.0090 3940  CertPropSvc - ok
15:06:04.0106 3940  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
15:06:04.0153 3940  circlass - ok
15:06:04.0200 3940  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:06:04.0215 3940  CLFS - ok
15:06:04.0278 3940  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:06:04.0293 3940  clr_optimization_v2.0.50727_32 - ok
15:06:04.0356 3940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:06:04.0434 3940  clr_optimization_v4.0.30319_32 - ok
15:06:04.0496 3940  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:06:04.0558 3940  CmBatt - ok
15:06:04.0605 3940  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:06:04.0621 3940  cmdide - ok
15:06:04.0652 3940  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:06:04.0668 3940  Compbatt - ok
15:06:04.0668 3940  COMSysApp - ok
15:06:04.0683 3940  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:06:04.0699 3940  crcdisk - ok
15:06:04.0699 3940  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:06:04.0746 3940  Crusoe - ok
15:06:04.0808 3940  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:06:04.0839 3940  CryptSvc - ok
15:06:04.0933 3940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:06:05.0011 3940  DcomLaunch - ok
15:06:05.0042 3940  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:06:05.0089 3940  DfsC - ok
15:06:05.0214 3940  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:06:05.0354 3940  DFSR - ok
15:06:05.0432 3940  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:06:05.0463 3940  Dhcp - ok
15:06:05.0510 3940  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:06:05.0510 3940  disk - ok
15:06:05.0572 3940  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:06:05.0619 3940  Dnscache - ok
15:06:05.0666 3940  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:06:05.0713 3940  dot3svc - ok
15:06:05.0760 3940  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:06:05.0806 3940  DPS - ok
15:06:05.0853 3940  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:06:05.0884 3940  drmkaud - ok
15:06:05.0931 3940  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:06:05.0978 3940  DXGKrnl - ok
15:06:06.0040 3940  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:06:06.0072 3940  E1G60 - ok
15:06:06.0103 3940  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:06:06.0150 3940  EapHost - ok
15:06:06.0196 3940  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:06:06.0212 3940  Ecache - ok
15:06:06.0274 3940  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:06:06.0306 3940  ehRecvr - ok
15:06:06.0337 3940  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:06:06.0368 3940  ehSched - ok
15:06:06.0399 3940  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:06:06.0430 3940  ehstart - ok
15:06:06.0477 3940  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:06:06.0493 3940  elxstor - ok
15:06:06.0540 3940  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:06:06.0633 3940  EMDMgmt - ok
15:06:06.0664 3940  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:06:06.0711 3940  ErrDev - ok
15:06:06.0774 3940  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:06:06.0820 3940  EventSystem - ok
15:06:06.0867 3940  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:06:06.0930 3940  exfat - ok
15:06:06.0961 3940  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:06:06.0976 3940  fastfat - ok
15:06:06.0992 3940  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:06:07.0054 3940  fdc - ok
15:06:07.0086 3940  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:06:07.0101 3940  fdPHost - ok
15:06:07.0117 3940  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:06:07.0164 3940  FDResPub - ok
15:06:07.0210 3940  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:06:07.0226 3940  FileInfo - ok
15:06:07.0257 3940  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:06:07.0304 3940  Filetrace - ok
15:06:07.0335 3940  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:06:07.0382 3940  flpydisk - ok
15:06:07.0413 3940  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:06:07.0429 3940  FltMgr - ok
15:06:07.0507 3940  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
15:06:07.0585 3940  FontCache - ok
15:06:07.0632 3940  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:06:07.0647 3940  FontCache3.0.0.0 - ok
15:06:07.0741 3940  [ 6A4125EDBE6D5907D4B1E4514F1F5675 ] FSCLBaseUpdaterService C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
15:06:07.0772 3940  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - warning
15:06:07.0772 3940  FSCLBaseUpdaterService - detected UnsignedFile.Multi.Generic (1)
15:06:07.0803 3940  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:06:07.0866 3940  Fs_Rec - ok
15:06:07.0912 3940  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:06:07.0928 3940  gagp30kx - ok
15:06:07.0959 3940  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:06:08.0037 3940  gpsvc - ok
15:06:08.0131 3940  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:06:08.0146 3940  gusvc - ok
15:06:08.0193 3940  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:06:08.0256 3940  HdAudAddService - ok
15:06:08.0302 3940  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:06:08.0334 3940  HDAudBus - ok
15:06:08.0365 3940  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:06:08.0443 3940  HidBth - ok
15:06:08.0458 3940  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:06:08.0521 3940  HidIr - ok
15:06:08.0568 3940  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
15:06:08.0614 3940  hidserv - ok
15:06:08.0646 3940  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:06:08.0692 3940  HidUsb - ok
15:06:08.0739 3940  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:06:08.0770 3940  hkmsvc - ok
15:06:08.0817 3940  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys
15:06:08.0833 3940  Hotkey ( UnsignedFile.Multi.Generic ) - warning
15:06:08.0833 3940  Hotkey - detected UnsignedFile.Multi.Generic (1)
15:06:08.0864 3940  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:06:08.0880 3940  HpCISSs - ok
15:06:08.0911 3940  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:06:08.0989 3940  HTTP - ok
15:06:09.0036 3940  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:06:09.0036 3940  i2omp - ok
15:06:09.0098 3940  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:06:09.0114 3940  i8042prt - ok
15:06:09.0176 3940  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\drivers\iastor.sys
15:06:09.0192 3940  iaStor - ok
15:06:09.0223 3940  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:06:09.0238 3940  iaStorV - ok
15:06:09.0285 3940  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:06:09.0332 3940  idsvc - ok
15:06:09.0457 3940  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:06:09.0597 3940  igfx - ok
15:06:09.0644 3940  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:06:09.0660 3940  iirsp - ok
15:06:09.0706 3940  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:06:09.0753 3940  IKEEXT - ok
15:06:09.0847 3940  [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:06:09.0972 3940  IntcAzAudAddService - ok
15:06:10.0018 3940  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:06:10.0034 3940  intelide - ok
15:06:10.0096 3940  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:06:10.0143 3940  intelppm - ok
15:06:10.0159 3940  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:06:10.0221 3940  IPBusEnum - ok
15:06:10.0252 3940  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:06:10.0377 3940  IpFilterDriver - ok
15:06:10.0408 3940  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:06:10.0455 3940  iphlpsvc - ok
15:06:10.0455 3940  IpInIp - ok
15:06:10.0486 3940  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:06:10.0892 3940  IPMIDRV - ok
15:06:10.0923 3940  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:06:10.0970 3940  IPNAT - ok
15:06:11.0001 3940  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:06:11.0032 3940  IRENUM - ok
15:06:11.0064 3940  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:06:11.0079 3940  isapnp - ok
15:06:11.0126 3940  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:06:11.0142 3940  iScsiPrt - ok
15:06:11.0173 3940  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:06:11.0173 3940  iteatapi - ok
15:06:11.0220 3940  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:06:28.0086 3940  [ 0309C520AB9F1DBB4BF0F0A4D4DF01BD ] TestHandler     C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
15:06:28.0126 3940  TestHandler ( UnsignedFile.Multi.Generic ) - warning
15:06:28.0126 3940  TestHandler - detected UnsignedFile.Multi.Generic (1)
15:06:32.0862 3940  [ B0E6FAA0F0EAD4772C545A3737EFB47F ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
15:06:32.0878 3940  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
15:06:32.0878 3940  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
15:06:34.0266 3940  ================ Scan global ===============================
15:06:34.0297 3940  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:06:34.0344 3940  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:06:34.0407 3940  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:06:34.0438 3940  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:06:34.0453 3940  [Global] - ok
15:06:34.0453 3940  ================ Scan MBR ==================================
15:06:34.0469 3940  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:06:35.0077 3940  \Device\Harddisk0\DR0 - ok
15:06:35.0077 3940  ================ Scan VBR ==================================
15:06:35.0077 3940  [ ED556A09E45ECB5814AD79988CE0D25F ] \Device\Harddisk0\DR0\Partition1
15:06:35.0077 3940  \Device\Harddisk0\DR0\Partition1 - ok
15:06:35.0124 3940  [ EE76D18BC811DEF42151A0048DBDB255 ] \Device\Harddisk0\DR0\Partition2
15:06:35.0140 3940  \Device\Harddisk0\DR0\Partition2 - ok
15:06:35.0140 3940  ============================================================
15:06:35.0140 3940  Scan finished
15:06:35.0140 3940  ============================================================
15:06:35.0155 4012  Detected object count: 4
15:06:35.0155 4012  Actual detected object count: 4
15:06:46.0949 4012  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:46.0949 4012  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:06:46.0965 4012  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:46.0965 4012  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:06:46.0965 4012  TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:46.0965 4012  TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:06:46.0965 4012  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:46.0965 4012  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:07:38.0975 3232  Deinitialize success
         
Thanks

Alt 08.03.2013, 14:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 08.03.2013, 15:48   #9
mephisto315
 



So, here is the log from Combofix:
Combofix Logfile:
Code:
ComboFix 13-03-07.03 - Admin 08.03.2013  16:29:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.987 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-08 bis 2013-03-08  ))))))))))))))))))))))))))))))
.
.
2013-03-08 15:38 . 2013-03-08 15:38	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-03-08 15:38 . 2013-03-08 15:38	--------	d-----w-	c:\users\Ursula und Werner\AppData\Local\temp
2013-03-08 15:38 . 2013-03-08 15:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 11:44 . 2013-03-08 11:44	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-08 11:08 . 2013-03-08 11:08	--------	d-----w-	C:\found.000
2013-03-06 18:48 . 2009-04-11 06:28	64000	-c--a-w-	c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0efa334f\smss.exe
2013-03-05 21:20 . 2013-03-05 21:20	--------	d-----w-	c:\program files\Microsoft
2013-03-05 21:17 . 2013-03-05 21:17	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Help
2013-03-05 20:41 . 2013-03-05 20:41	--------	d-----w-	c:\users\Admin\AppData\Local\WindowsUpdate
2013-03-05 20:40 . 2013-03-05 20:40	--------	d-----w-	c:\users\Admin\AppData\Local\Secunia PSI
2013-03-05 20:39 . 2013-03-05 20:39	--------	d-----w-	c:\program files\Common Files\Java
2013-03-05 20:39 . 2013-03-05 20:39	--------	d-----w-	c:\program files\Secunia
2013-03-05 20:39 . 2013-03-05 20:38	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-05 20:39 . 2013-03-05 20:38	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-05 20:39 . 2013-03-05 20:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 20:38 . 2013-03-05 20:38	--------	d-----w-	c:\program files\Java
2013-03-05 17:17 . 2013-02-19 02:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A51EB8C3-2CEE-4B2B-874D-661EFA81D3F5}\mpengine.dll
2013-03-03 08:26 . 2013-03-08 13:58	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2013-03-03 07:45 . 2013-03-03 08:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-03 07:45 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-03-03 07:45 . 2013-03-03 07:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-03-03 07:39 . 2013-03-03 07:39	--------	d-----w-	c:\users\Admin\AppData\Local\Mozilla
2013-02-27 14:30 . 2013-02-27 14:30	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-02-21 15:09 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-21 15:08 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-21 15:08 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-21 15:08 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-21 15:08 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-07 12:15 . 2013-02-07 12:15	16024	----a-w-	c:\windows\system32\drivers\psi_mf_x86.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:04 . 2012-04-01 09:20	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 08:04 . 2012-04-01 09:20	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28 . 2009-10-07 14:51	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-25 09:15	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-25 09:15	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-02-27 14:29 . 2013-01-27 18:00	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-01-30 3365288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-05-08 09:59	268096	----a-w-	c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23	443968	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 11422546
*Deregistered* - 11422546
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:04]
.
2013-03-08 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-03 13:08]
.
2013-03-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-03 13:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ij4zajdw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-08 16:38
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Zeit der Fertigstellung: 2013-03-08  16:41:15
ComboFix-quarantined-files.txt  2013-03-08 15:41
.
Vor Suchlauf: 16 Verzeichnis(se), 61.736.669.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 62.481.977.344 Bytes frei
.
- - End Of File - - ED6ACAE7412AB8159E7A9B7AD977D3E1
         
Thanks.

Alt 08.03.2013, 16:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    Filelook::
    c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0efa334f\smss.exe
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software. It can otherwise hinder ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Don't do anything on the computer, don't move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!


Alt 08.03.2013, 17:07   #11
mephisto315
 



Hello,
here is the log from the new Combofix run:
Combofix Logfile:
Code:
ComboFix 13-03-07.03 - Admin 08.03.2013  17:29:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1042 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-08 bis 2013-03-08  ))))))))))))))))))))))))))))))
.
.
2013-03-08 16:38 . 2013-03-08 16:38	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-03-08 16:38 . 2013-03-08 16:38	--------	d-----w-	c:\users\Ursula und Werner\AppData\Local\temp
2013-03-08 16:38 . 2013-03-08 16:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 11:44 . 2013-03-08 11:44	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-08 11:08 . 2013-03-08 11:08	--------	d-----w-	C:\found.000
2013-03-06 18:48 . 2009-04-11 06:28	64000	-c--a-w-	c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0efa334f\smss.exe
2013-03-05 21:20 . 2013-03-05 21:20	--------	d-----w-	c:\program files\Microsoft
2013-03-05 21:17 . 2013-03-05 21:17	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Help
2013-03-05 20:41 . 2013-03-05 20:41	--------	d-----w-	c:\users\Admin\AppData\Local\WindowsUpdate
2013-03-05 20:40 . 2013-03-05 20:40	--------	d-----w-	c:\users\Admin\AppData\Local\Secunia PSI
2013-03-05 20:39 . 2013-03-05 20:39	--------	d-----w-	c:\program files\Common Files\Java
2013-03-05 20:39 . 2013-03-05 20:39	--------	d-----w-	c:\program files\Secunia
2013-03-05 20:39 . 2013-03-05 20:38	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-05 20:39 . 2013-03-05 20:38	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-05 20:39 . 2013-03-05 20:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 20:38 . 2013-03-05 20:38	--------	d-----w-	c:\program files\Java
2013-03-05 17:17 . 2013-02-19 02:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A51EB8C3-2CEE-4B2B-874D-661EFA81D3F5}\mpengine.dll
2013-03-03 08:26 . 2013-03-08 16:26	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2013-03-03 07:45 . 2013-03-03 08:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-03 07:45 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2013-03-03 07:45 . 2013-03-03 07:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-03-03 07:39 . 2013-03-03 07:39	--------	d-----w-	c:\users\Admin\AppData\Local\Mozilla
2013-02-27 14:30 . 2013-02-27 14:30	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-02-21 15:09 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-21 15:08 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-21 15:08 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-21 15:08 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-21 15:08 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-07 12:15 . 2013-02-07 12:15	16024	----a-w-	c:\windows\system32\drivers\psi_mf_x86.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:04 . 2012-04-01 09:20	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 08:04 . 2012-04-01 09:20	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28 . 2009-10-07 14:51	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-25 09:15	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-25 09:15	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-02-27 14:29 . 2013-01-27 18:00	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0efa334f\smss.exe ---
Company: Microsoft Corporation
File Description: Windows Session Manager
File Version: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: smss.exe
File size: 64000
Created time: 2013-03-06 18:48
Modified time: 2009-04-11 06:28
MD5: 98AF15A94CD6AC37248E72E5FE789B35
SHA1: 348F0EDF9BA670E3713223113ECC9C6C37A67DCC
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-01-30 3365288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-05-08 09:59	268096	----a-w-	c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23	443968	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:04]
.
2013-03-08 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-03-03 13:08]
.
2013-03-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-03-03 13:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-4
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ij4zajdw.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-08 17:38
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Zeit der Fertigstellung: 2013-03-08  17:41:02
ComboFix-quarantined-files.txt  2013-03-08 16:40
ComboFix2.txt  2013-03-08 15:41
.
Vor Suchlauf: 20 Verzeichnis(se), 62.409.904.128 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 62.383.915.008 Bytes frei
.
- - End Of File - - 1172A231537FDEEC179951F9D87A39F2
         
Thanks.

Alt 08.03.2013, 18:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

10.03.2013, 20:09   #13
mephisto315
 

Hi,
so here is JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Admin on 10.03.2013 at 20:29:01,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2446174624-2630530410-1680443987-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2013 at 20:37:18,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
then AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.114 - Datei am 10/03/2013 um 20:47:50 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Admin - LAPTOP-U-UND-W
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ij4zajdw.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Ursula und Werner\AppData\Roaming\Mozilla\Firefox\Profiles\9zu6fmiy.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[S1].txt - [1104 octets] - [10/03/2013 20:47:50]

########## EOF - C:\AdwCleaner[S1].txt - [1164 octets] ##########
         
--- --- ---


and OTL:
OTL Logfile:
Code:
OTL logfile created on: 10.03.2013 20:52:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 38,38% Memory free
4,22 Gb Paging File | 2,73 Gb Available in Paging File | 64,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 58,04 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
Drive D: | 46,10 Gb Total Space | 28,74 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-U-UND-W | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{2AD13F47-28C0-45AF-B074-89752EA6494A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=2813AAB2-915E-42B3-94D8-F4EDF50ED300&apn_sauid=452548AC-2F70-468D-8393-C8CBABA03723
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 08:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 08:46:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.03.09 08:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 08:46:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2446174624-2630530410-1680443987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD79E272-0764-4608-BD94-A280E33E4FD3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.10 20:28:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.10 20:28:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.10 20:28:44 | 000,000,000 | ---D | C] -- \JRT
[2013.03.10 20:26:54 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.03.09 08:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 17:41:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2013.03.08 17:39:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.08 17:39:54 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.03.08 17:26:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.08 17:26:51 | 000,000,000 | ---D | C] -- \ComboFix
[2013.03.08 17:20:54 | 005,037,067 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.03.08 16:27:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.08 16:27:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.08 16:27:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.08 16:25:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.08 16:25:54 | 000,000,000 | ---D | C] -- \Qoobox
[2013.03.08 16:25:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.08 14:35:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2013.03.08 14:35:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2013.03.08 12:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 12:43:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\mbar-1.01.0.1021
[2013.03.08 12:08:55 | 000,000,000 | ---D | C] -- C:\found.000
[2013.03.08 12:08:55 | 000,000,000 | ---D | C] -- \found.000
[2013.03.07 21:56:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.03.05 22:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.03.05 22:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.03.05 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Help
[2013.03.05 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\WindowsUpdate
[2013.03.05 21:40:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2013.03.05 21:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.05 21:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.05 21:39:33 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 21:39:33 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.05 21:39:33 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.03.05 21:39:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 21:39:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 21:39:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 21:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.03 09:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.03.03 09:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013.03.03 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Anti-Malware
[2013.03.03 08:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.03 08:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.03 08:45:08 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.03.03 08:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.03 08:39:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2013.02.27 15:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.27 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.02.22 17:11:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.22 17:11:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.22 17:11:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.22 17:11:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.22 17:11:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.22 17:11:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.22 17:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.22 17:11:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.21 16:09:02 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.21 16:08:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.21 16:08:36 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.21 16:08:36 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.10 20:50:00 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.10 20:49:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 20:49:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 20:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 20:49:15 | 2135,359,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 20:26:18 | 000,597,667 | ---- | M] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.03.10 20:26:09 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.03.08 18:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 17:21:21 | 005,037,067 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.03.08 15:04:49 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2013.03.08 14:34:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2013.03.08 14:33:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2013.03.08 12:58:25 | 345,418,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.08 12:17:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.08 12:17:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.08 12:17:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.08 12:17:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.08 12:06:14 | 000,377,856 | ---- | M] () -- C:\Users\Admin\Desktop\gmer_2.1.19155.exe
[2013.03.07 21:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.03.05 22:22:14 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.05 22:09:25 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.05 21:39:36 | 000,000,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.05 21:38:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 21:38:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 21:38:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 21:38:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 21:38:25 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 21:38:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.04 16:29:32 | 000,015,948 | ---- | M] () -- C:\Users\Admin\Documents\cc_20130304_162836.reg
[2013.03.03 09:36:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.03 09:27:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.03.03 08:45:16 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.02.28 09:04:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.28 09:04:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.03.10 20:26:54 | 000,597,667 | ---- | C] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.03.08 16:27:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.08 16:27:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.08 16:27:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.08 16:27:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.08 16:27:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.08 15:04:49 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2013.03.08 12:13:20 | 000,377,856 | ---- | C] () -- C:\Users\Admin\Desktop\gmer_2.1.19155.exe
[2013.03.06 18:19:15 | 345,418,336 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.05 22:09:25 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.05 21:39:36 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.05 21:39:35 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.03.04 16:28:43 | 000,015,948 | ---- | C] () -- C:\Users\Admin\Documents\cc_20130304_162836.reg
[2013.03.03 09:27:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.03.03 08:45:29 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.03.03 08:45:27 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.03.03 08:45:16 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.03 08:45:16 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.03.24 16:04:56 | 000,109,721 | ---- | C] () -- C:\Users\Admin\ESt2011_SCHULZ_WERNER_und_SCHULZ_URSULA.elfo
[2008.10.23 07:16:23 | 000,002,630 | ---- | C] () -- \pi_adler.csv
[2008.07.11 14:34:36 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.07.11 05:12:08 | 2135,359,488 | -HS- | C] () -- \hiberfil.sys
[2008.07.10 07:34:35 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.03.2013 20:52:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 38,38% Memory free
4,22 Gb Paging File | 2,73 Gb Available in Paging File | 64,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 58,04 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
Drive D: | 46,10 Gb Total Space | 28,74 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-U-UND-W | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D6E4EDD-B68D-493C-93E7-62496B31DACD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1F8D32C7-F30F-4BC1-82ED-8E0B2928F8D2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{37F8D196-A875-43FA-B718-B39452D2B4D6}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{3DA6BDF2-6BB8-4542-AB44-19BCAFF17546}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"TCP Query User{6E21E511-AED3-4DB1-A2E1-2248F80923CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{07EB713E-1C28-4E75-A6D4-5B62DC2AE3DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.03.2013 15:49:35 | Computer Name = Laptop-U-und-W | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 29.04.2010 09:40:33 | Computer Name = Laptop-U-und-W | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1134
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 03.03.2013 04:16:09 | Computer Name = Laptop-U-und-W | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
 
< End of report >
         
--- --- ---

[/code]

Thanks.

Alt 10.03.2013, 21:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before you do, please remember to update Malwarebytes via the update button.

Getting a second opinion afterwards from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 12.03.2013, 19:22   #15
mephisto315
 
Hello,
I am currently having frequent problems with computer crashes again.
During the Malwarebytes quick scan the computer crashed on me twice (bluescreen).
Then I was able to complete the scan, with nothing found.

The ESET scan has now also crashed on me twice partway through; I'm just trying it again...

Do you have any other idea? Thanks in advance.
