Malware of all kinds and their removal: GMER reports "hidden rootkit activity" & computer slow (Windows 7)

09.02.2013, 00:57 | #1
Hello dear Anti-Trojan team,

while I am in the middle of reinstalling my PC (thanks again to Cosinus for the help!), I now possibly have trouble with my netbook as well. It is relatively slow & Mozilla keeps stalling briefly (CPU often at 80-90% & memory full, but then I only have 1 GB RAM); the netbook did run slower from the start, though. Malwarebytes found nothing, but GMER reported "hidden rootkit activity". Do I now have to reinstall the laptop as well? I have worked through the instructions; here are the logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
... :: NETBOOK [Administrator]

Protection: Enabled

08.02.2013 17:25:29
mbam-log-2013-02-08 (17-25-29).txt

Scan type: Full scan (C:\|D:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 291574
Time elapsed: 2 hour(s), 34 minute(s), 31 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(End)

Code:
OTL logfile created on: 2/8/2013 10:38:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 441.98 Mb Available Physical Memory | 43.58% Memory free
2.99 Gb Paging File | 1.98 Gb Available in Paging File | 66.13% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.31 Gb Free Space | 70.39% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.04 Gb Free Space | 79.66% Space Free | Partition Type: NTFS

Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2013/02/05 14:59:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/06/09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/06/04 03:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/04/13 03:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/24 13:00:00 | 000,241,664 | ---- | M] () -- C:\Program Files\ZTE Join Air\AssistantServices.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/21 16:24:11 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/21 14:27:10 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/21 14:27:07 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/21 14:27:00 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/21 14:24:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/21 14:24:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/21 14:22:53 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/21 14:22:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/21 14:22:30 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/21 14:21:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/24 17:31:07 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/06/24 17:31:07 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/03/16 02:48:46 | 000,148,816 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV - [2013/02/08 16:48:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 22:16:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/24 13:00:00 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/02/09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/13 03:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 03:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/13 03:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/04/09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbnet.sys -- (ZTEusbnet)
DRV - [2009/04/09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/04/09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/04/09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/04/09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/04/09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2005/06/13 09:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes,DefaultScope = {CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013/01/29 20:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/09 16:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2013/01/31 22:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions
[2012/10/16 16:44:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/05/19 09:20:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013/01/22 19:46:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\firefox@ghostery.com
[2013/01/31 10:36:39 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/31 22:54:06 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/06 22:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/29 20:09:28 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013/02/06 22:16:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1F17EB-9944-41B8-B902-3562B5878363}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF68EEF1-8832-40C0-A48F-CD51ED10B0FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2030/01/01 22:36:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/02/08 17:16:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:10:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:47 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\pdfforge
[2013/02/08 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/02/06 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/05 16:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/05 16:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/29 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/29 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/01/29 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Secunia PSI
[2013/01/29 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/01/29 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2013/01/29 13:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/29 13:21:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/29 13:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Programs
[2013/01/29 12:59:20 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/01/24 14:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/02/08 22:47:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/08 22:23:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/08 17:28:45 | 013,562,257 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1017.zip
[2013/02/08 17:20:22 | 000,582,209 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:17:09 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:12:16 | 000,365,568 | ---- | M] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 12:31:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 12:31:55 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 12:24:00 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/02/08 12:23:14 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 18:08:14 | 000,644,310 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/05 18:08:14 | 000,607,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/05 18:08:14 | 000,126,580 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/05 18:08:14 | 000,103,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/05 16:25:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/05 13:30:54 | 000,002,286 | -H-- | M] () -- D:\...\Eigene Dokumente\Default.rdp
[2013/01/29 19:48:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:08 | 000,000,932 | ---- | M] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:40:33 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013/01/29 16:32:03 | 000,001,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 13:06:40 | 000,272,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/24 14:59:16 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2030/01/01 22:36:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/02/08 17:27:05 | 013,562,257 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1017.zip
[2013/02/08 17:19:52 | 000,582,209 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:12:10 | 000,365,568 | ---- | C] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 17:03:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2013/02/05 16:25:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 19:48:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:07 | 000,000,932 | ---- | C] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:42:41 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 16:32:03 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 16:32:03 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 12:51:22 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/29 12:49:51 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 14:59:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/24 14:59:16 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/03/30 18:13:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/30 18:13:10 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/01/19 19:48:26 | 000,061,678 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JPR.{PB
[2012/01/19 19:48:26 | 000,012,358 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JCM.{PB
[2011/12/14 10:48:47 | 000,065,536 | ---- | C] () -- C:\windows\System32\HPPLVS.dll
[2011/12/13 00:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/07 16:23:31 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ASUS WebStorage
[2011/02/04 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\E-Cam
[2012/02/03 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\FileZilla
[2011/12/30 01:42:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit Software
[2012/04/29 15:51:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IrfanView
[2011/12/13 13:37:35 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\JAM Software
[2013/02/08 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\pdfforge
[2013/02/08 02:39:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client
[2012/11/26 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Swiss Academic Software
[2011/02/04 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP
[2012/10/18 17:54:35 | 000,000,000
| ---D | M] -- C:\Users\...\AppData\Roaming\VoipDiscount ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 2/8/2013 10:38:09 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.18 Mb Total Physical Memory | 441.98 Mb Available Physical Memory | 43.58% Memory free 2.99 Gb Paging File | 1.98 Gb Available in Paging File | 66.13% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 56.31 Gb Free Space | 70.39% Space Free | Partition Type: NTFS Drive D: | 54.03 Gb Total Space | 43.04 Gb Free Space | 79.66% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03386B1F-803A-4186-8DA4-D323B4071C9E}" = rport=139 | protocol=6 | dir=out | app=system | "{14A6C1E0-851E-4969-8896-F9441085CF6B}" = lport=139 | protocol=6 | dir=in | app=system | "{205CE3F2-78DF-4DA9-8B46-609A5118BE24}" = lport=137 | protocol=17 | dir=in | app=system | "{3DD939B7-AAB7-483E-95D7-6F9BDF2BB99A}" = rport=138 | protocol=17 | dir=out | app=system | "{4A6065F1-83C8-439B-BD83-70D2F82CB5C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4C4CDE39-CBA8-4F93-838D-2580F67AB958}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{57369344-79A8-4092-A134-192392D9BCB1}" = lport=445 | protocol=6 | dir=in | app=system | "{6B28C47A-0ED4-4307-BBFC-448C13181989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FE02CD4-B385-4CD8-85CD-7DE53C93BEB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93EF180A-DC0C-4C4B-B3E9-E79B0DEA3649}" = rport=445 | protocol=6 | dir=out | app=system | "{AF78E807-09D9-490A-BEDB-239192A3CE47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C164C7A6-7062-494A-ABE7-95A9FBC3D231}" = rport=137 | protocol=17 | dir=out | app=system | "{CB34B017-5E1C-45A4-9040-36CDF7F601FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEB0A60B-5A38-4AF5-9BF8-A5DA11A05BF3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1171A6D4-B8ED-4768-9E63-1879953FCAEE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{286DC0BC-9132-4FB2-A61C-881DFE9BC8D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{391A479A-30B5-4C56-9C20-793828867B9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5BEACA52-A999-40E9-B412-B3321D83D6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6208F3D2-72B6-4990-B6F6-0D807A9C6F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A80E8CDB-97AC-4F17-9F03-52CB09ECF51F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DC3252B4-E1F6-4A61-ADB3-8D2FD16877B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "TCP Query User{03FCA698-A1F5-4494-B668-728880C2E613}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "TCP Query User{77038D20-2671-4CCC-B213-A7DE7F183F1D}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "UDP Query User{AC10CA33-B936-4CE0-921B-AB47D8859A28}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "UDP Query User{D8B7EA4E-8324-4870-8EDD-16F508C435B3}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "Edraw Mind Map_is1" = Edraw Mind Map V4 "Eee Docking_is1" = Eee Docking 3.7.0 "FileZilla Client" = FileZilla Client 3.5.3 "Foxit Reader_is1" = Foxit Reader "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Secunia PSI" = Secunia PSI (3.0.0.6001) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TreeSize Free_is1" = TreeSize Free V2.6 "VLC media player" = VLC media player 2.0.5 "VoipDiscount_is1" = VoipDiscount "Watermark Image_is1" = Watermark Image software version 2.1.4.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/21/2012 6:24:58 AM | Computer Name = Netbook | Source = Application Hang | ID = 1002 Description = Programm PDFCreator.exe, Version 1.2.0.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 160c Startzeit: 01cd97e306c78209 Endzeit: 78 Anwendungspfad: C:\Program Files\PDFCreator\PDFCreator.exe Berichts-ID: 8bb9a07f-03d6-11e2-914d-20cf3057c295 Error - 9/21/2012 11:02:10 AM | Computer Name = Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.1.3.1201, Zeitstempel: 0x4ed6f47d Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7b71c Ausnahmecode: 0xc0000409 Fehleroffset: 0x000ab772 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cd9809f0b6161f Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll Berichtskennung: 50d7231b-03fd-11e2-914d-20cf3057c295 Error - 10/17/2012 6:33:11 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 10/24/2012 9:44:35 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport. Error - 10/25/2012 8:13:41 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 11/24/2012 9:10:46 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. 
Error - 11/26/2012 7:40:28 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 11/27/2012 4:57:33 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 11/28/2012 3:59:09 PM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 11/29/2012 9:51:47 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport. [ System Events ] Error - 2/7/2013 5:28:02 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 2/7/2013 5:28:32 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BITS erreicht. Error - 2/7/2013 5:28:32 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 2/7/2013 5:29:47 AM | Computer Name = Netbook | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/7/2013 7:26:58 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 2/7/2013 5:10:53 PM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/8/2013 7:24:45 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/8/2013 8:38:22 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 2/8/2013 8:38:22 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 2/8/2013 9:16:55 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-09 00:12:27 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002 149,05GB Running: 2) gmer_2.0.18454.exe; Driver: C:\Users\...\AppData\Local\Temp\uwrdqpog.sys ---- System - GMER 2.0 ---- SSDT 87B30B06 ZwCreateSection SSDT 87B30B10 ZwRequestWaitReplyPort SSDT 87B30B0B ZwSetContextThread SSDT 87B30B15 ZwSetSecurityObject SSDT 87B30B1A ZwSystemDebugControl SSDT 87B30AA7 ZwTerminateProcess ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C50A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8A4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81C9162C 4 Bytes [06, 0B, B3, 87] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81C91988 4 Bytes [10, 0B, B3, 87] {ADC [EBX], CL; MOV BL, 0x87} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81C919CC 4 Bytes [0B, 0B, B3, 87] {OR ECX, [EBX]; MOV BL, 0x87} .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81C91A48 4 Bytes [15, 0B, B3, 87] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81C91A9C 4 Bytes JMP B30B1A81 .text ... 
---- User code sections - GMER 2.0 ---- .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtClose 770254C8 5 Bytes JMP 6A4BFFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtCreateFile 770255C8 5 Bytes JMP 6A4BEC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtCreateKey 77025608 5 Bytes JMP 6A4BB6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteFile 77025808 5 Bytes JMP 6A4BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteKey 77025818 5 Bytes JMP 6A4BAF5D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDeleteValueKey 77025848 5 Bytes JMP 6A4BB220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtDuplicateObject 77025898 5 Bytes JMP 6A4C0096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtEnumerateKey 770258E8 5 Bytes JMP 6A4BB001 C:\windows\system32\sftldr.dll 
(Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtEnumerateValueKey 77025918 5 Bytes JMP 6A4BB17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtFlushKey 77025988 5 Bytes JMP 6A4BAFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtNotifyChangeKey 77025C68 5 Bytes JMP 6A4BB2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtNotifyChangeMultipleKeys 77025C78 5 Bytes JMP 6A4BB35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenFile 77025CD8 5 Bytes JMP 6A4BEE21 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenKey 77025D08 5 Bytes JMP 6A4BB5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtOpenKeyEx 77025D18 5 Bytes JMP 6A4BB660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryAttributesFile 77025F38 
5 Bytes JMP 6A4BEB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryDirectoryFile 77025F98 5 Bytes JMP 6A4BD81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryFullAttributesFile 77025FE8 5 Bytes JMP 6A4BEB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryKey 770260E8 5 Bytes JMP 6A4BB054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryMultipleValueKey 77026108 5 Bytes JMP 6A4BB27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryObject 77026128 5 Bytes JMP 6A4C00EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQuerySecurityObject 770261A8 5 Bytes JMP 6A4C0030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtQueryValueKey 77026248 5 Bytes JMP 6A4BB127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtRenameKey 770263C8 5 Bytes JMP 6A4BB751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetInformationFile 77026638 5 Bytes JMP 6A4BEBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetInformationKey 77026658 5 Bytes JMP 6A4BB0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetSecurityObject 77026758 5 Bytes JMP 6A4C0149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ntdll.dll!NtSetValueKey 77026808 5 Bytes JMP 6A4BB1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessW 75A9204D 5 Bytes JMP 6A498C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessA 75A92082 5 Bytes JMP 6A498D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!CreateProcessAsUserW 75AC59FF 5 Bytes JMP 6A498F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization 
SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!SetDllDirectoryW 75B1D783 5 Bytes JMP 6A49977C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!SetDllDirectoryA 75B1D82C 5 Bytes JMP 6A499AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!WinExec 75B1EDAE 5 Bytes JMP 6A49931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!AllocConsole 75B3C675 5 Bytes JMP 6A4C1210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] kernel32.dll!AttachConsole 75B3C743 5 Bytes JMP 6A4C1222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] USER32.dll!CreateWindowExA 75B7BF40 5 Bytes JMP 6A4C11E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] USER32.dll!CreateWindowExW 75B7EC7C 5 Bytes JMP 6A4C11F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] GDI32.dll!AddFontResourceW 75A0EC13 5 Bytes JMP 6A4A6800 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] GDI32.dll!AddFontResourceA 75A0EFA7 5 Bytes JMP 6A4A67E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumDependentServicesW 77161E3A 7 Bytes JMP 6A4A956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusExW 7716B466 7 Bytes JMP 6A4AA48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceKeyNameW 771878FF 7 Bytes JMP 6A4A9C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceDisplayNameW 771879BB 7 Bytes JMP 6A4A9DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusExA 7718A3E2 7 Bytes JMP 6A4AA553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!CreateProcessAsUserA 771A2538 5 Bytes JMP 6A4990DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceKeyNameA 771C1B94 7 Bytes JMP 6A4A9CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!GetServiceDisplayNameA 771C1C31 7 Bytes JMP 6A4A9E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusA 771C2021 7 Bytes JMP 6A4AA3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumDependentServicesA 771C2104 7 Bytes JMP 6A4A9623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ADVAPI32.dll!EnumServicesStatusW 771C2221 5 Bytes JMP 6A4AA311 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRegisterPSClsid 75C4C56E 5 Bytes JMP 6A4AFFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoResumeClassObjects + 7 75C4EA09 7 Bytes JMP 6A4B05C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleRun 75C507DE 5 Bytes JMP 6A4B0481 C:\windows\system32\sftldr.dll (Microsoft Application 
Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRegisterClassObject 75C521E1 5 Bytes JMP 6A4B10F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleUninitialize 75C5EBA1 6 Bytes JMP 6A4B03A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleInitialize 75C5EFD7 5 Bytes JMP 6A4B0330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetPSClsid 75C626B9 5 Bytes JMP 6A4B016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetClassObject 75C754AD 5 Bytes JMP 6A4B1684 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoInitializeEx 75C809AD 5 Bytes JMP 6A4B01E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoUninitialize 75C886D3 5 Bytes JMP 6A4B0262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoCreateInstance 75C89D0B 5 Bytes JMP 6A4B2952 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoCreateInstanceEx 75C89D4E 5 Bytes JMP 6A4B0A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoSuspendClassObjects + 7 75CABB09 7 Bytes JMP 6A4B04F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoRevokeClassObject 75CCEACF 5 Bytes JMP 6A4AFA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoGetInstanceFromFile 75D0340B 5 Bytes JMP 6A4B1B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!OleRegEnumFormatEtc 75D4CFD9 5 Bytes JMP 6A4B040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtClose 770254C8 5 Bytes JMP 6A4BFFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtCreateFile 770255C8 5 Bytes JMP 6A4BEC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtCreateKey 77025608 5 Bytes JMP 6A4BB6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft 
Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteFile 77025808 5 Bytes JMP 6A4BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteKey 77025818 5 Bytes JMP 6A4BAF5D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDeleteValueKey 77025848 5 Bytes JMP 6A4BB220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtDuplicateObject 77025898 5 Bytes JMP 6A4C0096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtEnumerateKey 770258E8 5 Bytes JMP 6A4BB001 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtEnumerateValueKey 77025918 5 Bytes JMP 6A4BB17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtFlushKey 77025988 5 Bytes JMP 6A4BAFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtNotifyChangeKey 77025C68 5 Bytes JMP 6A4BB2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtNotifyChangeMultipleKeys 77025C78 5 Bytes JMP 6A4BB35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenFile 77025CD8 5 Bytes JMP 6A4BEE21 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenKey 77025D08 5 Bytes JMP 6A4BB5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtOpenKeyEx 77025D18 5 Bytes JMP 6A4BB660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryAttributesFile 77025F38 5 Bytes JMP 6A4BEB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryDirectoryFile 77025F98 5 Bytes JMP 6A4BD81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryFullAttributesFile 77025FE8 5 Bytes JMP 6A4BEB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryKey 770260E8 5 Bytes JMP 6A4BB054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryMultipleValueKey 77026108 5 Bytes JMP 6A4BB27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryObject 77026128 5 Bytes JMP 6A4C00EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQuerySecurityObject 770261A8 5 Bytes JMP 6A4C0030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text 
Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtQueryValueKey 77026248 5 Bytes JMP 6A4BB127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtRenameKey 770263C8 5 Bytes JMP 6A4BB751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetInformationFile 77026638 5 Bytes JMP 6A4BEBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetInformationKey 77026658 5 Bytes JMP 6A4BB0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetSecurityObject 77026758 5 Bytes JMP 6A4C0149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtSetValueKey 77026808 5 Bytes JMP 6A4BB1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessW 75A9204D 5 Bytes JMP 6A498C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessA 75A92082 5 Bytes JMP 6A498D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessAsUserW 75AC59FF 5 Bytes JMP 6A498F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!SetDllDirectoryW 75B1D783 5 Bytes JMP 6A49977C 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!SetDllDirectoryA 75B1D82C 5 Bytes JMP 6A499AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!WinExec 75B1EDAE 5 Bytes JMP 6A49931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!AllocConsole 75B3C675 5 Bytes JMP 6A4C1210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!AttachConsole 75B3C743 5 Bytes JMP 6A4C1222 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] USER32.dll!CreateWindowExA 75B7BF40 5 Bytes JMP 6A4C11E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] USER32.dll!CreateWindowExW 75B7EC7C 5 Bytes JMP 6A4C11F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] GDI32.dll!AddFontResourceW 75A0EC13 5 Bytes JMP 6A4A6800 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] GDI32.dll!AddFontResourceA 75A0EFA7 5 Bytes JMP 6A4A67E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumDependentServicesW 77161E3A 7 Bytes JMP 6A4A956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text 
Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusExW 7716B466 7 Bytes JMP 6A4AA48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceKeyNameW 771878FF 7 Bytes JMP 6A4A9C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceDisplayNameW 771879BB 7 Bytes JMP 6A4A9DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusExA 7718A3E2 7 Bytes JMP 6A4AA553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!CreateProcessAsUserA 771A2538 5 Bytes JMP 6A4990DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceKeyNameA 771C1B94 7 Bytes JMP 6A4A9CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!GetServiceDisplayNameA 771C1C31 7 Bytes JMP 6A4A9E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumServicesStatusA 771C2021 7 Bytes JMP 6A4AA3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ADVAPI32.dll!EnumDependentServicesA 771C2104 7 Bytes JMP 6A4A9623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] 
ADVAPI32.dll!EnumServicesStatusW 771C2221 5 Bytes JMP 6A4AA311 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRegisterPSClsid 75C4C56E 5 Bytes JMP 6A4AFFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoResumeClassObjects + 7 75C4EA09 7 Bytes JMP 6A4B05C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleRun 75C507DE 5 Bytes JMP 6A4B0481 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRegisterClassObject 75C521E1 5 Bytes JMP 6A4B10F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleUninitialize 75C5EBA1 6 Bytes JMP 6A4B03A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleInitialize 75C5EFD7 5 Bytes JMP 6A4B0330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetPSClsid 75C626B9 5 Bytes JMP 6A4B016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetClassObject 75C754AD 5 Bytes JMP 6A4B1684 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoInitializeEx 75C809AD 5 Bytes JMP 6A4B01E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization 
SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoUninitialize 75C886D3 5 Bytes JMP 6A4B0262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoCreateInstance 75C89D0B 5 Bytes JMP 6A4B2952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoCreateInstanceEx 75C89D4E 5 Bytes JMP 6A4B0A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoSuspendClassObjects + 7 75CABB09 7 Bytes JMP 6A4B04F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoRevokeClassObject 75CCEACF 5 Bytes JMP 6A4AFA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!CoGetInstanceFromFile 75D0340B 5 Bytes JMP 6A4B1B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ole32.dll!OleRegEnumFormatEtc 75D4CFD9 5 Bytes JMP 6A4B040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) ---- Processes - GMER 2.0 ---- Library Q:\140066.deu\Office14\MSOSYNC.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x2DD50000 Library Q:\140066.deu\Office14\1031\ospintl.dll (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x725C0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x6A2B0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ 
Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x71000000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x69F60000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6048c8d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{3FBE69D4-2B6D-11E0-9C0E-806E6F6E6963} 1143933280 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 ---- EOF - GMER 2.0 ----
Thank you in advance! Regards, me.
Edited by help me (09.02.2013 at 01:05)
11.02.2013, 10:10 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow Hello,
Quote:
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
11.02.2013, 12:33 | #3
GMER reports "hidden rootkit activity" & computer slow Hi Cosinus,
Thank you very much for taking on my problem! Q: is a preinstalled "Microsoft Office-Klick-und-Los 2010" (Office Click-to-Run). If I understood it correctly, it is meant to make downloading or activating the full Office version (so far only Office 2010 Starter is preinstalled) faster & use less disk space. If it were up to me, the Q: drive could happily be wiped; I had been thinking about uninstalling it anyway. I ran Malwarebytes Anti-Rootkit; a restart was not required & apparently nothing was found either. Here is the log file: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.11.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 ... :: NETBOOK [administrator] 11.02.2013 12:20:59 mbar-log-2013-02-11 (12-20-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27369 Time elapsed: 24 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
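The GMER output in post #1 lists dozens of `.text` hooks and several `(*** hidden *** )` libraries, and post #3 explains that Q: is the Office Click-to-Run (Klick-und-Los) drive. The following added example, which is not from the thread or from GMER, parses those two GMER line types and groups them by the module the hooks jump into and by the drive the hidden libraries load from, so a reader can check whether every hook resolves to one module and where the hidden modules live before deciding anything. The sample lines are copied from the log above; the parser is a hypothetical helper, not a GMER feature.

```python
"""Triage helper for GMER user-mode hook and hidden-library lines.

Added example (not part of the thread or of GMER). It parses the
".text ... JMP ..." hook lines and the "(*** hidden *** )" library lines
and groups them by origin so the pattern becomes visible at a glance.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Hook line as printed by GMER 2.0:
# .text <process>[<pid>] <dll>!<export>[ + n] <addr> <n> Bytes JMP <target> <module> (<description>)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<instr>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<module>.+?)\s+\((?P<vendor>[^)]*)\)\s*$"
)

# Hidden-library line as printed by GMER 2.0:
# Library <path> (*** hidden *** ) @ <process> [<pid>] 0x<base>
HIDDEN_RE = re.compile(
    r"^Library\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    export: str   # e.g. "ntdll.dll!NtCreateFile" or "ole32.dll!CoResumeClassObjects + 7"
    size: int     # number of patched bytes
    target: int   # address the JMP lands on
    module: str   # module that owns the target address
    vendor: str   # GMER's description of that module


@dataclass(frozen=True)
class HiddenLibrary:
    path: str
    process: str
    pid: int
    base: int


def parse_gmer(text):
    """Return (hooks, hidden_libraries) found in a GMER log; other lines are ignored."""
    hooks, hidden = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["proc"], int(m["pid"]), m["export"], int(m["size"]),
                              int(m["target"], 16), m["module"], m["vendor"]))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append(HiddenLibrary(m["path"], m["proc"], int(m["pid"]), int(m["base"], 16)))
    return hooks, hidden


def single_hook_origin(hooks):
    """The one module every hook jumps into, or None if they point to several (or none)."""
    origins = {h.module.lower() for h in hooks}
    return hooks[0].module if len(origins) == 1 else None


def summarize(hooks, hidden):
    """Counts by hook origin, hooked DLL, hooked process and hidden-library drive."""
    return {
        "hook_count": len(hooks),
        "hook_origins": Counter(h.module.lower() for h in hooks),
        "hooked_dlls": Counter(h.export.split("!")[0].lower() for h in hooks),
        "hooked_processes": Counter(f"{h.process}[{h.pid}]" for h in hooks),
        "hidden_count": len(hidden),
        "hidden_drives": Counter(lib.path[:2].upper() for lib in hidden),
    }


# Sample input: a few lines copied verbatim from the GMER log posted in #1.
SAMPLE_LOG = r"""
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] GDI32.dll!AddFontResourceA 75A0EFA7 5 Bytes JMP 6A4A67E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5832] ole32.dll!CoResumeClassObjects + 7 75C4EA09 7 Bytes JMP 6A4B05C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] ntdll.dll!NtCreateFile 770255C8 5 Bytes JMP 6A4BEC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140066.deu\Office14\MSOSYNC.EXE[6016] kernel32.dll!CreateProcessW 75A9204D 5 Bytes JMP 6A498C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
---- Processes - GMER 2.0 ----
Library Q:\140066.deu\Office14\MSOSYNC.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x2DD50000
Library Q:\140066.deu\Office14\1031\ospintl.dll (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x725C0000
Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft (*** hidden *** ) @ Q:\140066.deu\Office14\MSOSYNC.EXE [6016] 0x6A2B0000
---- EOF - GMER 2.0 ----
"""

if __name__ == "__main__":
    hooks, hidden = parse_gmer(SAMPLE_LOG)
    for key, value in summarize(hooks, hidden).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
    print("single hook origin:", single_hook_origin(hooks))
```

Run against the full log from post #1 the same way (paste it into SAMPLE_LOG or read it from a file) to see whether the picture stays the same: one origin module for all hooks and one drive letter for all hidden libraries.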
11.02.2013, 12:42 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow OK, then please create logs with aswMBR and TDSS-Killer now: Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is not shown, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Please download TDSSKiller.exe and save this file to the desktop.
Please always post logfiles in CODE tags
11.02.2013, 14:05 | #5
GMER reports "hidden rootkit activity" & computer slow Hi Cosinus, the first time aswMBR crashed with a blue screen (I had done everything according to the instructions). The second time it worked; however, it did not offer the update again, so I assume it was able to use the update downloaded the first time. Here is the logfile: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-11 13:33:40 ----------------------------- 13:33:40.368 OS Version: Windows 6.1.7601 Service Pack 1 13:33:40.368 Number of processors: 2 586 0x1C0A 13:33:40.384 ComputerName: NETBOOK UserName: ... 13:34:58.805 Initialize success 13:35:32.860 AVAST engine defs: 13021100 13:39:03.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 13:39:03.476 Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3 13:39:03.523 Disk 0 MBR read successfully 13:39:03.538 Disk 0 MBR scan 13:39:03.663 Disk 0 Windows 7 default MBR code 13:39:03.679 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81921 MB offset 2048 13:39:03.757 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 167776256 13:39:03.804 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 55325 MB offset 199233536 13:39:03.866 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 312539136 13:39:03.928 Disk 0 scanning sectors +312581808 13:39:04.178 Disk 0 scanning C:\windows\system32\drivers 13:39:30.265 Service scanning 13:40:20.466 Modules scanning 13:40:35.161 Disk 0 trace - called modules: 13:40:35.239 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 13:40:35.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c51948] 13:40:35.317 3 CLASSPNP.SYS[8699959e] -> nt!IofCallDriver -> [0x8423ce98] 13:40:35.348 5 ACPI.sys[862a03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e47028] 13:40:36.081 AVAST engine scan C:\windows 13:40:39.966 AVAST engine scan C:\windows\system32 13:46:46.987 AVAST engine scan C:\windows\system32\drivers 13:47:19.997 AVAST engine scan C:\Users\... 13:49:01.631 AVAST engine scan C:\ProgramData 13:49:51.941 Scan finished successfully 13:50:35.356 Disk 0 MBR has been saved successfully to "C:\Users\...\Desktop\Logs\Original\MBR.dat" 13:50:35.387 The log file has been saved successfully to "C:\Users\...\Desktop\Logs\Original\aswMBR.txt" Code:
ATTFilter 13:55:44.0440 4364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:55:44.0518 4364 ============================================================ 13:55:44.0518 4364 Current date / time: 2013/02/11 13:55:44.0518 13:55:44.0518 4364 SystemInfo: 13:55:44.0518 4364 13:55:44.0518 4364 OS Version: 6.1.7601 ServicePack: 1.0 13:55:44.0518 4364 Product type: Workstation 13:55:44.0518 4364 ComputerName: NETBOOK 13:55:44.0518 4364 UserName: ... 13:55:44.0518 4364 Windows directory: C:\windows 13:55:44.0518 4364 System windows directory: C:\windows 13:55:44.0518 4364 Processor architecture: Intel x86 13:55:44.0518 4364 Number of processors: 2 13:55:44.0518 4364 Page size: 0x1000 13:55:44.0518 4364 Boot type: Normal boot 13:55:44.0518 4364 ============================================================ 13:55:46.0374 4364 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:55:46.0390 4364 ============================================================ 13:55:46.0390 4364 \Device\Harddisk0\DR0: 13:55:46.0390 4364 MBR partitions: 13:55:46.0390 4364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000800 13:55:46.0390 4364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBE01000, BlocksNum 0x6C0E800 13:55:46.0390 4364 ============================================================ 13:55:46.0436 4364 C: <-> \Device\Harddisk0\DR0\Partition1 13:55:46.0468 4364 D: <-> \Device\Harddisk0\DR0\Partition2 13:55:46.0733 4364 ============================================================ 13:55:46.0733 4364 Initialize success 13:55:46.0733 4364 ============================================================ 13:55:56.0545 2976 ============================================================ 13:55:56.0545 2976 Scan started 13:55:56.0545 2976 Mode: Manual; SigCheck; TDLFS; 13:55:56.0545 2976 
============================================================ 13:55:56.0998 2976 ================ Scan system memory ======================== 13:55:56.0998 2976 System memory - ok 13:55:56.0998 2976 ================ Scan services ============================= 13:55:57.0263 2976 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 13:55:57.0559 2976 1394ohci - ok 13:55:57.0637 2976 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys 13:55:57.0715 2976 ACPI - ok 13:55:57.0746 2976 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 13:55:57.0871 2976 AcpiPmi - ok 13:55:58.0058 2976 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:55:58.0121 2976 AdobeARMservice - ok 13:55:58.0246 2976 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:55:58.0324 2976 AdobeFlashPlayerUpdateSvc - ok 13:55:58.0433 2976 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 13:55:58.0558 2976 adp94xx - ok 13:55:58.0604 2976 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 13:55:58.0682 2976 adpahci - ok 13:55:58.0745 2976 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 13:55:58.0792 2976 adpu320 - ok 13:55:58.0870 2976 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 13:55:58.0948 2976 AeLookupSvc - ok 13:55:59.0026 2976 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys 13:55:59.0119 2976 AFD - ok 13:55:59.0197 2976 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys 13:55:59.0244 2976 agp440 - ok 13:55:59.0291 2976 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys 13:55:59.0353 2976 aic78xx - ok 13:55:59.0400 2976 [ 
18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe 13:55:59.0509 2976 ALG - ok 13:55:59.0556 2976 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys 13:55:59.0618 2976 aliide - ok 13:55:59.0650 2976 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys 13:55:59.0712 2976 amdagp - ok 13:55:59.0774 2976 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys 13:55:59.0821 2976 amdide - ok 13:55:59.0868 2976 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 13:55:59.0962 2976 AmdK8 - ok 13:56:00.0008 2976 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 13:56:00.0102 2976 AmdPPM - ok 13:56:00.0149 2976 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys 13:56:00.0227 2976 amdsata - ok 13:56:00.0274 2976 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 13:56:00.0336 2976 amdsbs - ok 13:56:00.0383 2976 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys 13:56:00.0445 2976 amdxata - ok 13:56:00.0539 2976 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:56:00.0617 2976 AntiVirSchedulerService - ok 13:56:00.0695 2976 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:56:00.0742 2976 AntiVirService - ok 13:56:00.0804 2976 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys 13:56:01.0007 2976 AppID - ok 13:56:01.0054 2976 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll 13:56:01.0178 2976 AppIDSvc - ok 13:56:01.0225 2976 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll 13:56:01.0366 2976 Appinfo - ok 13:56:01.0428 2976 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys 13:56:01.0475 
2976 arc - ok
13:56:01.0522 2976 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
13:56:01.0584 2976 arcsas - ok
13:56:01.0646 2976 [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys
13:56:01.0709 2976 AsUpIO - ok
13:56:01.0756 2976 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe
13:56:01.0802 2976 AsusService ( UnsignedFile.Multi.Generic ) - warning
13:56:01.0802 2976 AsusService - detected UnsignedFile.Multi.Generic (1)
13:56:01.0849 2976 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:56:02.0036 2976 AsyncMac - ok
13:56:02.0114 2976 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
13:56:02.0177 2976 atapi - ok
13:56:02.0317 2976 [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr C:\windows\system32\DRIVERS\athr.sys
13:56:02.0598 2976 athr - ok
13:56:02.0676 2976 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:56:02.0801 2976 AudioEndpointBuilder - ok
13:56:02.0863 2976 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
13:56:03.0004 2976 Audiosrv - ok
13:56:03.0082 2976 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
13:56:03.0144 2976 avgntflt - ok
13:56:03.0191 2976 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
13:56:03.0253 2976 avipbb - ok
13:56:03.0284 2976 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
13:56:03.0331 2976 avkmgr - ok
13:56:03.0409 2976 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
13:56:03.0534 2976 AxInstSV - ok
13:56:03.0612 2976 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
13:56:03.0690 2976 b06bdrv - ok
13:56:03.0721 2976 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
13:56:03.0784 2976 b57nd60x - ok
13:56:03.0846 2976 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
13:56:03.0940 2976 BDESVC - ok
13:56:03.0986 2976 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
13:56:04.0142 2976 Beep - ok
13:56:04.0236 2976 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
13:56:04.0423 2976 BFE - ok
13:56:04.0548 2976 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
13:56:04.0735 2976 BITS - ok
13:56:04.0782 2976 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:56:04.0860 2976 blbdrive - ok
13:56:04.0922 2976 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:56:05.0016 2976 bowser - ok
13:56:05.0047 2976 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:56:05.0156 2976 BrFiltLo - ok
13:56:05.0203 2976 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:56:05.0297 2976 BrFiltUp - ok
13:56:05.0375 2976 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
13:56:05.0453 2976 Browser - ok
13:56:05.0515 2976 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:56:05.0609 2976 Brserid - ok
13:56:05.0640 2976 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:56:05.0749 2976 BrSerWdm - ok
13:56:05.0780 2976 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:56:05.0874 2976 BrUsbMdm - ok
13:56:05.0905 2976 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:56:05.0968 2976 BrUsbSer - ok
13:56:06.0046 2976 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
13:56:06.0124 2976 BthEnum - ok
13:56:06.0186 2976 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:56:06.0248 2976 BTHMODEM - ok
13:56:06.0295 2976 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
13:56:06.0373 2976 BthPan - ok
13:56:06.0467 2976 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
13:56:06.0545 2976 BTHPORT - ok
13:56:06.0623 2976 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
13:56:06.0763 2976 bthserv - ok
13:56:06.0826 2976 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
13:56:06.0888 2976 BTHUSB - ok
13:56:06.0919 2976 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\windows\system32\drivers\btusbflt.sys
13:56:06.0950 2976 btusbflt - ok
13:56:06.0982 2976 btwaudio - ok
13:56:07.0013 2976 btwavdt - ok
13:56:07.0028 2976 btwl2cap - ok
13:56:07.0075 2976 btwrchid - ok
13:56:07.0122 2976 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:56:07.0262 2976 cdfs - ok
13:56:07.0340 2976 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:56:07.0403 2976 cdrom - ok
13:56:07.0481 2976 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
13:56:07.0652 2976 CertPropSvc - ok
13:56:07.0730 2976 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:56:07.0840 2976 circlass - ok
13:56:07.0886 2976 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
13:56:07.0964 2976 CLFS - ok
13:56:08.0058 2976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:56:08.0120 2976 clr_optimization_v2.0.50727_32 - ok
13:56:08.0167 2976 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:56:08.0276 2976 CmBatt - ok
13:56:08.0354 2976 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
13:56:08.0401 2976 cmdide - ok
13:56:08.0448 2976 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\windows\system32\Drivers\cng.sys
13:56:08.0542 2976 CNG - ok
13:56:08.0588 2976 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:56:08.0635 2976 Compbatt - ok
13:56:08.0698 2976 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
13:56:08.0760 2976 CompositeBus - ok
13:56:08.0807 2976 COMSysApp - ok
13:56:08.0854 2976 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:56:08.0900 2976 crcdisk - ok
13:56:08.0963 2976 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
13:56:09.0025 2976 CryptSvc - ok
13:56:09.0166 2976 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:56:09.0275 2976 cvhsvc - ok
13:56:09.0353 2976 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
13:56:09.0478 2976 DcomLaunch - ok
13:56:09.0524 2976 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
13:56:09.0665 2976 defragsvc - ok
13:56:09.0727 2976 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:56:09.0836 2976 DfsC - ok
13:56:09.0946 2976 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
13:56:10.0055 2976 Dhcp - ok
13:56:10.0117 2976 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
13:56:10.0226 2976 discache - ok
13:56:10.0289 2976 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
13:56:10.0336 2976 Disk - ok
13:56:10.0398 2976 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:56:10.0476 2976 Dnscache - ok
13:56:10.0554 2976 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
13:56:10.0694 2976 dot3svc - ok
13:56:10.0741 2976 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
13:56:11.0053 2976 DPS - ok
13:56:11.0100 2976 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:56:11.0162 2976 drmkaud - ok
13:56:11.0256 2976 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:56:11.0350 2976 DXGKrnl - ok
13:56:11.0428 2976 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
13:56:11.0552 2976 EapHost - ok
13:56:11.0724 2976 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
13:56:11.0958 2976 ebdrv - ok
13:56:12.0020 2976 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
13:56:12.0083 2976 EFS - ok
13:56:12.0161 2976 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:56:12.0223 2976 elxstor - ok
13:56:12.0286 2976 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
13:56:12.0348 2976 ErrDev - ok
13:56:12.0442 2976 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
13:56:12.0566 2976 EventSystem - ok
13:56:12.0613 2976 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
13:56:12.0722 2976 exfat - ok
13:56:12.0769 2976 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
13:56:12.0894 2976 fastfat - ok
13:56:12.0956 2976 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
13:56:13.0081 2976 Fax - ok
13:56:13.0128 2976 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:56:13.0190 2976 fdc - ok
13:56:13.0253 2976 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
13:56:13.0378 2976 fdPHost - ok
13:56:13.0409 2976 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
13:56:13.0502 2976 FDResPub - ok
13:56:13.0534 2976 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:56:13.0596 2976 FileInfo - ok
13:56:13.0627 2976 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:56:13.0736 2976 Filetrace - ok
13:56:13.0783 2976 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:56:13.0830 2976 flpydisk - ok
13:56:13.0861 2976 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:56:13.0908 2976 FltMgr - ok
13:56:14.0033 2976 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
13:56:14.0204 2976 FontCache - ok
13:56:14.0314 2976 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:56:14.0376 2976 FontCache3.0.0.0 - ok
13:56:14.0407 2976 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:56:14.0470 2976 FsDepends - ok
13:56:14.0501 2976 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:56:14.0563 2976 Fs_Rec - ok
13:56:14.0626 2976 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:56:14.0704 2976 fvevol - ok
13:56:14.0750 2976 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:56:14.0813 2976 gagp30kx - ok
13:56:14.0860 2976 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
13:56:15.0031 2976 gpsvc - ok
13:56:15.0062 2976 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:56:15.0140 2976 hcw85cir - ok
13:56:15.0218 2976 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:56:15.0296 2976 HdAudAddService - ok
13:56:15.0359 2976 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
13:56:15.0437 2976 HDAudBus - ok
13:56:15.0468 2976 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:56:15.0546 2976 HidBatt - ok
13:56:15.0577 2976 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:56:15.0655 2976 HidBth - ok
13:56:15.0671 2976 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:56:15.0764 2976 HidIr - ok
13:56:15.0811 2976 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
13:56:15.0936 2976 hidserv - ok
13:56:15.0998 2976 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:56:16.0061 2976 HidUsb - ok
13:56:16.0108 2976 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
13:56:16.0248 2976 hkmsvc - ok
13:56:16.0310 2976 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:56:16.0420 2976 HomeGroupListener - ok
13:56:16.0466 2976 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:56:16.0560 2976 HomeGroupProvider - ok
13:56:16.0622 2976 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:56:16.0669 2976 HpSAMD - ok
13:56:16.0732 2976 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:56:16.0903 2976 HTTP - ok
13:56:16.0950 2976 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:56:17.0012 2976 hwpolicy - ok
13:56:17.0075 2976 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
13:56:17.0153 2976 i8042prt - ok
13:56:17.0231 2976 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:56:17.0324 2976 IAANTMON - ok
13:56:17.0387 2976 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
13:56:17.0449 2976 iaStor - ok
13:56:17.0496 2976 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:56:17.0574 2976 iaStorV - ok
13:56:17.0668 2976 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:56:17.0792 2976 idsvc - ok
13:56:18.0011 2976 [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
13:56:18.0370 2976 igfx - ok
13:56:18.0432 2976 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:56:18.0479 2976 iirsp - ok
13:56:18.0557 2976 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
13:56:18.0744 2976 IKEEXT - ok
13:56:18.0947 2976 [ BF9866875EDF86AAE24DD8BD9418DEFF ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
13:56:19.0228 2976 IntcAzAudAddService - ok
13:56:19.0259 2976 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
13:56:19.0290 2976 intelide - ok
13:56:19.0353 2976 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:56:19.0399 2976 intelppm - ok
13:56:19.0462 2976 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:56:19.0602 2976 IPBusEnum - ok
13:56:19.0633 2976 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:56:19.0789 2976 IpFilterDriver - ok
13:56:19.0899 2976 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:56:20.0039 2976 iphlpsvc - ok
13:56:20.0086 2976 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:56:20.0179 2976 IPMIDRV - ok
13:56:20.0211 2976 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:56:20.0351 2976 IPNAT - ok
13:56:20.0413 2976 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
13:56:20.0507 2976 IRENUM - ok
13:56:20.0554 2976 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:56:20.0616 2976 isapnp - ok
13:56:20.0679 2976 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:56:20.0788 2976 iScsiPrt - ok
13:56:20.0850 2976 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
13:56:20.0913 2976 kbdclass - ok
13:56:20.0944 2976 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:56:21.0006 2976 kbdhid - ok
13:56:21.0084 2976 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
13:56:21.0115 2976 kbfiltr - ok
13:56:21.0147 2976 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
13:56:21.0193 2976 KeyIso - ok
13:56:21.0225 2976 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:56:21.0271 2976 KSecDD - ok
13:56:21.0318 2976 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:56:21.0365 2976 KSecPkg - ok
13:56:21.0412 2976 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
13:56:21.0537 2976 KtmRm - ok
13:56:21.0583 2976 [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
13:56:21.0646 2976 L1C - ok
13:56:21.0708 2976 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
13:56:21.0849 2976 LanmanServer - ok
13:56:21.0880 2976 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:56:22.0005 2976 LanmanWorkstation - ok
13:56:22.0067 2976 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:56:22.0207 2976 lltdio - ok
13:56:22.0254 2976 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
13:56:22.0410 2976 lltdsvc - ok
13:56:22.0441 2976 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
13:56:22.0566 2976 lmhosts - ok
13:56:22.0629 2976 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:56:22.0691 2976 LSI_FC - ok
13:56:22.0722 2976 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:56:22.0785 2976 LSI_SAS - ok
13:56:22.0800 2976 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:56:22.0863 2976 LSI_SAS2 - ok
13:56:22.0894 2976 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:56:22.0956 2976 LSI_SCSI - ok
13:56:23.0003 2976 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
13:56:23.0112 2976 luafv - ok
13:56:23.0159 2976 [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter C:\windows\system32\DRIVERS\massfilter.sys
13:56:23.0253 2976 massfilter - ok
13:56:23.0315 2976 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
13:56:23.0362 2976 MBAMProtector - ok
13:56:23.0424 2976 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:56:23.0502 2976 MBAMScheduler - ok
13:56:23.0565 2976 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:56:23.0658 2976 MBAMService - ok
13:56:23.0721 2976 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:56:23.0767 2976 megasas - ok
13:56:23.0830 2976 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:56:23.0892 2976 MegaSR - ok
13:56:23.0939 2976 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
13:56:24.0079 2976 MMCSS - ok
13:56:24.0095 2976 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
13:56:24.0235 2976 Modem - ok
13:56:24.0282 2976 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:56:24.0360 2976 monitor - ok
13:56:24.0407 2976 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:56:24.0469 2976 mouclass - ok
13:56:24.0501 2976 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:56:24.0579 2976 mouhid - ok
13:56:24.0657 2976 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:56:24.0703 2976 mountmgr - ok
13:56:24.0781 2976 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:56:24.0828 2976 MozillaMaintenance - ok
13:56:24.0891 2976 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
13:56:24.0937 2976 mpio - ok
13:56:25.0000 2976 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:56:25.0125 2976 mpsdrv - ok
13:56:25.0203 2976 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
13:56:25.0374 2976 MpsSvc - ok
13:56:25.0421 2976 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:56:25.0515 2976 MRxDAV - ok
13:56:25.0577 2976 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:56:25.0686 2976 mrxsmb - ok
13:56:25.0733 2976 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:56:25.0827 2976 mrxsmb10 - ok
13:56:25.0858 2976 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:56:25.0936 2976 mrxsmb20 - ok
13:56:25.0983 2976 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
13:56:26.0045 2976 msahci - ok
13:56:26.0076 2976 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
13:56:26.0139 2976 msdsm - ok
13:56:26.0170 2976 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
13:56:26.0263 2976 MSDTC - ok
13:56:26.0310 2976 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
13:56:26.0435 2976 Msfs - ok
13:56:26.0482 2976 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:56:26.0622 2976 mshidkmdf - ok
13:56:26.0653 2976 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
13:56:26.0716 2976 msisadrv - ok
13:56:26.0763 2976 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:56:26.0903 2976 MSiSCSI - ok
13:56:26.0919 2976 msiserver - ok
13:56:26.0981 2976 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:56:27.0121 2976 MSKSSRV - ok
13:56:27.0137 2976 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:56:27.0293 2976 MSPCLOCK - ok
13:56:27.0309 2976 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:56:27.0433 2976 MSPQM - ok
13:56:27.0480 2976 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:56:27.0543 2976 MsRPC - ok
13:56:27.0605 2976 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
13:56:27.0667 2976 mssmbios - ok
13:56:27.0699 2976 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:56:27.0839 2976 MSTEE - ok
13:56:27.0855 2976 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
13:56:27.0917 2976 MTConfig - ok
13:56:27.0964 2976 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
13:56:28.0011 2976 Mup - ok
13:56:28.0089 2976 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
13:56:28.0245 2976 napagent - ok
13:56:28.0323 2976 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:56:28.0416 2976 NativeWifiP - ok
13:56:28.0494 2976 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
13:56:28.0603 2976 NDIS - ok
13:56:28.0666 2976 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:56:28.0791 2976 NdisCap - ok
13:56:28.0822 2976 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:56:28.0947 2976 NdisTapi - ok
13:56:29.0025 2976 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:56:29.0134 2976 Ndisuio - ok
13:56:29.0196 2976 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:56:29.0337 2976 NdisWan - ok
13:56:29.0368 2976 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:56:29.0493 2976 NDProxy - ok
13:56:29.0555 2976 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
13:56:29.0571 2976 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:56:29.0571 2976 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:56:29.0617 2976 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:56:29.0758 2976 NetBIOS - ok
13:56:29.0805 2976 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:56:29.0961 2976 NetBT - ok
13:56:29.0992 2976 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
13:56:30.0054 2976 Netlogon - ok
13:56:30.0101 2976 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
13:56:30.0273 2976 Netman - ok
13:56:30.0319 2976 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
13:56:30.0491 2976 netprofm - ok
13:56:30.0538 2976 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:56:30.0585 2976 NetTcpPortSharing - ok
13:56:30.0631 2976 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
13:56:30.0694 2976 nfrd960 - ok
13:56:30.0741 2976 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
13:56:30.0819 2976 NlaSvc - ok
13:56:30.0865 2976 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
13:56:30.0975 2976 Npfs - ok
13:56:31.0021 2976 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
13:56:31.0162 2976 nsi - ok
13:56:31.0193 2976 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:56:31.0318 2976 nsiproxy - ok
13:56:31.0443 2976 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:56:31.0599 2976 Ntfs - ok
13:56:31.0645 2976 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
13:56:31.0786 2976 Null - ok
13:56:31.0833 2976 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
13:56:31.0895 2976 nvraid - ok
13:56:31.0926 2976 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
13:56:31.0989 2976 nvstor - ok
13:56:32.0035 2976 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
13:56:32.0082 2976 nv_agp - ok
13:56:32.0113 2976 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
13:56:32.0191 2976 ohci1394 - ok
13:56:32.0223 2976 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:56:32.0285 2976 ose - ok
13:56:32.0488 2976 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:56:32.0893 2976 osppsvc - ok
13:56:33.0096 2976 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:56:33.0221 2976 p2pimsvc - ok
13:56:33.0252 2976 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
13:56:33.0361 2976 p2psvc - ok
13:56:33.0408 2976 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
13:56:33.0486 2976 Parport - ok
13:56:33.0533 2976 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
13:56:33.0595 2976 partmgr - ok
13:56:33.0627 2976 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
13:56:33.0705 2976 Parvdm - ok
13:56:33.0736 2976 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
13:56:33.0829 2976 PcaSvc - ok
13:56:33.0876 2976 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
13:56:33.0939 2976 pci - ok
13:56:33.0970 2976 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
13:56:34.0032 2976 pciide - ok
13:56:34.0063 2976 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
13:56:34.0126 2976 pcmcia - ok
13:56:34.0141 2976 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
13:56:34.0204 2976 pcw - ok
13:56:34.0251 2976 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:56:34.0438 2976 PEAUTH - ok
13:56:34.0594 2976 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
13:56:34.0828 2976 pla - ok
13:56:34.0890 2976 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:56:35.0015 2976 PlugPlay - ok
13:56:35.0046 2976 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
13:56:35.0093 2976 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0093 2976 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:56:35.0140 2976 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:56:35.0218 2976 PNRPAutoReg - ok
13:56:35.0265 2976 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:56:35.0343 2976 PNRPsvc - ok
13:56:35.0405 2976 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:56:35.0561 2976 PolicyAgent - ok
13:56:35.0623 2976 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
13:56:35.0764 2976 Power - ok
13:56:35.0811 2976 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:56:35.0951 2976 PptpMiniport - ok
13:56:36.0013 2976 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
13:56:36.0107 2976 Processor - ok
13:56:36.0169 2976 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
13:56:36.0263 2976 ProfSvc - ok
13:56:36.0294 2976 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
13:56:36.0341 2976 ProtectedStorage - ok
13:56:36.0403 2976 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:56:36.0528 2976 Psched - ok
13:56:36.0591 2976 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
13:56:36.0637 2976 PSI - ok
13:56:36.0715 2976 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
13:56:36.0887 2976 ql2300 - ok
13:56:36.0903 2976 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
13:56:36.0981 2976 ql40xx - ok
13:56:37.0027 2976 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
13:56:37.0137 2976 QWAVE - ok
13:56:37.0168 2976 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:56:37.0246 2976 QWAVEdrv - ok
13:56:37.0277 2976 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:56:37.0417 2976 RasAcd - ok
13:56:37.0464 2976 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:56:37.0573 2976 RasAgileVpn - ok
13:56:37.0620 2976 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
13:56:37.0761 2976 RasAuto - ok
13:56:37.0792 2976 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:56:37.0917 2976 Rasl2tp - ok
13:56:37.0995 2976 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
13:56:38.0151 2976 RasMan - ok
13:56:38.0197 2976 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:56:38.0338 2976 RasPppoe - ok
13:56:38.0400 2976 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:56:38.0525 2976 RasSstp - ok
13:56:38.0572 2976 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:56:38.0712 2976 rdbss - ok
13:56:38.0743 2976 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
13:56:38.0837 2976 rdpbus - ok
13:56:38.0899 2976 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:56:39.0024 2976 RDPCDD - ok
13:56:39.0071 2976 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
13:56:39.0211 2976 RDPENCDD - ok
13:56:39.0258 2976 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
13:56:39.0367 2976 RDPREFMP - ok
13:56:39.0461 2976 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
13:56:39.0523 2976 RdpVideoMiniport - ok
13:56:39.0570 2976 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:56:39.0648 2976 RDPWD - ok
13:56:39.0726 2976 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
13:56:39.0789 2976 rdyboost - ok
13:56:39.0820 2976 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
13:56:39.0960 2976 RemoteAccess - ok
13:56:40.0007 2976 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
13:56:40.0147 2976 RemoteRegistry - ok
13:56:40.0210 2976 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
13:56:40.0303 2976 RFCOMM - ok
13:56:40.0350 2976 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
13:56:40.0506 2976 RpcEptMapper - ok
13:56:40.0537 2976 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
13:56:40.0631 2976 RpcLocator - ok
13:56:40.0693 2976 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
13:56:40.0818 2976 RpcSs - ok
13:56:40.0881 2976 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
13:56:41.0021 2976 rspndr - ok
13:56:41.0052 2976 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
13:56:41.0115 2976 SamSs - ok
13:56:41.0146 2976 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
13:56:41.0208 2976 sbp2port - ok
13:56:41.0255 2976 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
13:56:41.0411 2976 SCardSvr - ok
13:56:41.0458 2976 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
13:56:41.0598 2976 scfilter - ok
13:56:41.0661 2976 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
13:56:41.0832 2976 Schedule - ok
13:56:41.0863 2976 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
13:56:41.0973 2976 SCPolicySvc - ok
13:56:42.0035 2976 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
13:56:42.0129 2976 SDRSVC - ok
13:56:42.0175 2976 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
13:56:42.0316 2976 secdrv - ok
13:56:42.0363 2976 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
13:56:42.0503 2976 seclogon - ok
13:56:42.0643 2976 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:56:42.0784 2976 Secunia PSI Agent - ok
13:56:42.0831 2976 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
13:56:42.0940 2976 Secunia Update Agent - ok
13:56:42.0971 2976 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
13:56:43.0127 2976 SENS - ok
13:56:43.0174 2976 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
13:56:43.0236 2976 Serenum - ok
13:56:43.0267 2976 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
13:56:43.0345 2976 Serial - ok
13:56:43.0377 2976 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
13:56:43.0455 2976 sermouse - ok
13:56:43.0533 2976 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
13:56:43.0673 2976 SessionEnv - ok
13:56:43.0720 2976 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
13:56:43.0798 2976 sffdisk - ok
13:56:43.0845 2976 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
13:56:43.0907 2976 sffp_mmc - ok
13:56:43.0923 2976 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
13:56:44.0016 2976 sffp_sd - ok
13:56:44.0063 2976 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
13:56:44.0125 2976 sfloppy - ok
13:56:44.0203 2976 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
13:56:44.0297 2976 Sftfs - ok
13:56:44.0375 2976 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
13:56:44.0469 2976 sftlist - ok
13:56:44.0515 2976 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
13:56:44.0562 2976 Sftplay - ok
13:56:44.0593 2976 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
13:56:44.0640 2976 Sftredir - ok
13:56:44.0671 2976 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
13:56:44.0718 2976 Sftvol - ok
13:56:44.0765 2976 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
13:56:44.0812 2976 sftvsa - ok
13:56:44.0859 2976 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
13:56:45.0030 2976 SharedAccess - ok
13:56:45.0077 2976 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:56:45.0233 2976 ShellHWDetection - ok
13:56:45.0280 2976 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
13:56:45.0342 2976 sisagp - ok
13:56:45.0373 2976 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
13:56:45.0420 2976 SiSRaid2 - ok
13:56:45.0436 2976 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
13:56:45.0498 2976 SiSRaid4 - ok
13:56:45.0576 2976 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:56:45.0639 2976 SkypeUpdate - ok
13:56:45.0685 2976 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
13:56:45.0810 2976 Smb - ok
13:56:45.0857 2976 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
13:56:45.0935 2976 SNMPTRAP - ok
13:56:45.0982 2976 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
13:56:46.0029 2976 spldr - ok
13:56:46.0091 2976 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
13:56:46.0185 2976 Spooler - ok
13:56:46.0341 2976 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
13:56:46.0653 2976 sppsvc - ok
13:56:46.0715 2976 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
13:56:46.0840 2976 sppuinotify - ok
13:56:46.0887 2976 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
13:56:46.0996 2976 srv - ok
13:56:47.0043 2976 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
13:56:47.0136 2976 srv2 - ok
13:56:47.0183 2976 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
13:56:47.0261 2976 srvnet - ok
13:56:47.0308 2976 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:56:47.0448 2976 SSDPSRV - ok
13:56:47.0479 2976 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys
13:56:47.0526 2976 ssmdrv -
ok 13:56:47.0557 2976 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 13:56:47.0698 2976 SstpSvc - ok 13:56:47.0745 2976 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 13:56:47.0791 2976 stexstor - ok 13:56:47.0885 2976 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 13:56:48.0010 2976 StiSvc - ok 13:56:48.0057 2976 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 13:56:48.0119 2976 swenum - ok 13:56:48.0166 2976 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 13:56:48.0353 2976 swprv - ok 13:56:48.0431 2976 [ BD8E7F87DE409A745A132A8812DE5A96 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 13:56:48.0493 2976 SynTP - ok 13:56:48.0603 2976 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 13:56:48.0759 2976 SysMain - ok 13:56:48.0805 2976 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 13:56:48.0915 2976 TabletInputService - ok 13:56:48.0977 2976 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 13:56:49.0133 2976 TapiSrv - ok 13:56:49.0180 2976 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 13:56:49.0336 2976 TBS - ok 13:56:49.0429 2976 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys 13:56:49.0617 2976 Tcpip - ok 13:56:49.0679 2976 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 13:56:49.0819 2976 TCPIP6 - ok 13:56:49.0866 2976 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 13:56:49.0929 2976 tcpipreg - ok 13:56:49.0991 2976 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 13:56:50.0069 2976 TDPIPE - ok 13:56:50.0100 2976 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 13:56:50.0178 2976 TDTCP - ok 13:56:50.0225 2976 [ 
B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 13:56:50.0334 2976 tdx - ok 13:56:50.0381 2976 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 13:56:50.0428 2976 TermDD - ok 13:56:50.0490 2976 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 13:56:50.0646 2976 TermService - ok 13:56:50.0709 2976 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 13:56:50.0802 2976 Themes - ok 13:56:50.0849 2976 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 13:56:50.0974 2976 THREADORDER - ok 13:56:51.0005 2976 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 13:56:51.0145 2976 TrkWks - ok 13:56:51.0223 2976 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 13:56:51.0364 2976 TrustedInstaller - ok 13:56:51.0395 2976 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 13:56:51.0535 2976 tssecsrv - ok 13:56:51.0582 2976 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 13:56:51.0660 2976 TsUsbFlt - ok 13:56:51.0723 2976 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 13:56:51.0847 2976 tunnel - ok 13:56:51.0910 2976 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 13:56:51.0972 2976 uagp35 - ok 13:56:52.0019 2976 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 13:56:52.0159 2976 udfs - ok 13:56:52.0253 2976 [ B7A165DDC6B2C8ACCFD5986933940285 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe 13:56:52.0300 2976 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning 13:56:52.0300 2976 UI Assistant Service - detected UnsignedFile.Multi.Generic (1) 13:56:52.0331 2976 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 13:56:52.0425 2976 
UI0Detect - ok 13:56:52.0518 2976 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 13:56:52.0581 2976 uliagpkx - ok 13:56:52.0627 2976 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys 13:56:52.0705 2976 umbus - ok 13:56:52.0752 2976 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 13:56:52.0830 2976 UmPass - ok 13:56:52.0877 2976 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 13:56:53.0033 2976 upnphost - ok 13:56:53.0080 2976 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys 13:56:53.0158 2976 usbaudio - ok 13:56:53.0189 2976 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 13:56:53.0267 2976 usbccgp - ok 13:56:53.0314 2976 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 13:56:53.0392 2976 usbcir - ok 13:56:53.0439 2976 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys 13:56:53.0517 2976 usbehci - ok 13:56:53.0563 2976 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 13:56:53.0641 2976 usbhub - ok 13:56:53.0673 2976 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys 13:56:53.0735 2976 usbohci - ok 13:56:53.0766 2976 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 13:56:53.0860 2976 usbprint - ok 13:56:53.0907 2976 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 13:56:53.0985 2976 USBSTOR - ok 13:56:54.0016 2976 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys 13:56:54.0094 2976 usbuhci - ok 13:56:54.0125 2976 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 13:56:54.0219 2976 usbvideo - ok 13:56:54.0265 2976 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms 
C:\windows\System32\uxsms.dll 13:56:54.0406 2976 UxSms - ok 13:56:54.0437 2976 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 13:56:54.0499 2976 VaultSvc - ok 13:56:54.0546 2976 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 13:56:54.0609 2976 vdrvroot - ok 13:56:54.0671 2976 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 13:56:54.0827 2976 vds - ok 13:56:54.0874 2976 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 13:56:54.0967 2976 vga - ok 13:56:54.0999 2976 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 13:56:55.0123 2976 VgaSave - ok 13:56:55.0170 2976 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 13:56:55.0248 2976 vhdmp - ok 13:56:55.0279 2976 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 13:56:55.0342 2976 viaagp - ok 13:56:55.0373 2976 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 13:56:55.0451 2976 ViaC7 - ok 13:56:55.0498 2976 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 13:56:55.0545 2976 viaide - ok 13:56:55.0576 2976 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 13:56:55.0638 2976 volmgr - ok 13:56:55.0669 2976 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 13:56:55.0747 2976 volmgrx - ok 13:56:55.0779 2976 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 13:56:55.0857 2976 volsnap - ok 13:56:55.0888 2976 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 13:56:55.0950 2976 vsmraid - ok 13:56:56.0028 2976 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 13:56:56.0247 2976 VSS - ok 13:56:56.0278 2976 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 
13:56:56.0340 2976 vwifibus - ok 13:56:56.0387 2976 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 13:56:56.0481 2976 vwififlt - ok 13:56:56.0527 2976 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 13:56:56.0605 2976 vwifimp - ok 13:56:56.0652 2976 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 13:56:56.0824 2976 W32Time - ok 13:56:56.0995 2976 [ B8C182DF79AC8938311AC8E193D52762 ] w800bus C:\windows\system32\DRIVERS\w800bus.sys 13:56:57.0073 2976 w800bus - ok 13:56:57.0120 2976 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 13:56:57.0183 2976 WacomPen - ok 13:56:57.0229 2976 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 13:56:57.0339 2976 WANARP - ok 13:56:57.0354 2976 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 13:56:57.0479 2976 Wanarpv6 - ok 13:56:57.0557 2976 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 13:56:57.0729 2976 wbengine - ok 13:56:57.0775 2976 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 13:56:57.0885 2976 WbioSrvc - ok 13:56:57.0931 2976 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 13:56:58.0056 2976 wcncsvc - ok 13:56:58.0087 2976 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 13:56:58.0197 2976 WcsPlugInService - ok 13:56:58.0228 2976 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 13:56:58.0275 2976 Wd - ok 13:56:58.0337 2976 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 13:56:58.0446 2976 Wdf01000 - ok 13:56:58.0477 2976 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 13:56:58.0618 2976 WdiServiceHost - ok 13:56:58.0649 2976 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost 
C:\windows\system32\wdi.dll 13:56:58.0727 2976 WdiSystemHost - ok 13:56:58.0789 2976 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 13:56:58.0883 2976 WebClient - ok 13:56:58.0930 2976 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 13:56:59.0070 2976 Wecsvc - ok 13:56:59.0117 2976 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 13:56:59.0273 2976 wercplsupport - ok 13:56:59.0320 2976 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 13:56:59.0460 2976 WerSvc - ok 13:56:59.0538 2976 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 13:56:59.0663 2976 WfpLwf - ok 13:56:59.0694 2976 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 13:56:59.0741 2976 WIMMount - ok 13:56:59.0819 2976 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:56:59.0959 2976 WinDefend - ok 13:56:59.0991 2976 WinHttpAutoProxySvc - ok 13:57:00.0084 2976 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 13:57:00.0225 2976 Winmgmt - ok 13:57:00.0318 2976 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 13:57:00.0521 2976 WinRM - ok 13:57:00.0630 2976 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 13:57:00.0786 2976 Wlansvc - ok 13:57:00.0833 2976 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 13:57:00.0942 2976 WmiAcpi - ok 13:57:01.0020 2976 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 13:57:01.0098 2976 wmiApSrv - ok 13:57:01.0207 2976 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:57:01.0363 2976 WMPNetworkSvc - ok 13:57:01.0410 2976 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 13:57:01.0519 2976 WPCSvc - ok 
13:57:01.0566 2976 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 13:57:01.0691 2976 WPDBusEnum - ok 13:57:01.0738 2976 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 13:57:01.0847 2976 ws2ifsl - ok 13:57:01.0894 2976 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 13:57:01.0987 2976 wscsvc - ok 13:57:02.0003 2976 WSearch - ok 13:57:02.0128 2976 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 13:57:02.0346 2976 wuauserv - ok 13:57:02.0377 2976 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 13:57:02.0455 2976 WudfPf - ok 13:57:02.0502 2976 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 13:57:02.0580 2976 WUDFRd - ok 13:57:02.0643 2976 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 13:57:02.0736 2976 wudfsvc - ok 13:57:02.0783 2976 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 13:57:02.0908 2976 WwanSvc - ok 13:57:02.0955 2976 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys 13:57:03.0033 2976 ZTEusbmdm6k - ok 13:57:03.0064 2976 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\windows\system32\DRIVERS\ZTEusbnet.sys 13:57:03.0142 2976 ZTEusbnet - ok 13:57:03.0189 2976 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys 13:57:03.0298 2976 ZTEusbnmea - ok 13:57:03.0345 2976 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys 13:57:03.0391 2976 ZTEusbser6k - ok 13:57:03.0438 2976 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\windows\system32\DRIVERS\ZTEusbvoice.sys 13:57:03.0485 2976 ZTEusbvoice - ok 13:57:03.0563 2976 ================ Scan global =============================== 13:57:03.0625 2976 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 13:57:03.0672 2976 
[ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 13:57:03.0719 2976 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 13:57:03.0766 2976 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 13:57:03.0813 2976 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 13:57:03.0844 2976 [Global] - ok 13:57:03.0844 2976 ================ Scan MBR ================================== 13:57:03.0859 2976 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:57:04.0234 2976 \Device\Harddisk0\DR0 - ok 13:57:04.0234 2976 ================ Scan VBR ================================== 13:57:04.0249 2976 [ A7CA3015F1BE7B68708339DB0D6D7C71 ] \Device\Harddisk0\DR0\Partition1 13:57:04.0249 2976 \Device\Harddisk0\DR0\Partition1 - ok 13:57:04.0327 2976 [ 512744C0235B96621820344228FA735E ] \Device\Harddisk0\DR0\Partition2 13:57:04.0343 2976 \Device\Harddisk0\DR0\Partition2 - ok 13:57:04.0343 2976 ============================================================ 13:57:04.0343 2976 Scan finished 13:57:04.0343 2976 ============================================================ 13:57:04.0390 4456 Detected object count: 4 13:57:04.0390 4456 Actual detected object count: 4 13:57:19.0678 4456 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user 13:57:19.0678 4456 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:57:19.0693 4456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 13:57:19.0693 4456 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:57:19.0693 4456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 13:57:19.0709 4456 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:57:19.0709 4456 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:57:19.0709 4456 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip lg, me. |
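All four objects TDSSKiller flagged in the log above carry the verdict UnsignedFile.Multi.Generic, which only says that the service binary has no valid digital signature; it is not a match against a known-malicious hash. Unsigned OEM and vendor helpers (the ASUS service, the HP printer services, the ZTE Join Air service) are common, which is why such hits usually turn out benign, but they still deserve a check of the file by its MD5 rather than by its name. The following is an added example, not code from the thread or from TDSSKiller: a small parser that pulls the scanned objects, their MD5s and paths, and every verdict and action out of a TDSSKiller log, so the flagged files can be looked up by hash. The sample input consists of lines copied from the log posted above; the prefix list that classes a verdict as "signature only" is an assumption covering the one verdict class seen here.

```python
import re
from typing import Dict, List, Tuple

# Added example, not code from the thread or from TDSSKiller: parse a TDSSKiller log
# and list every object that received a verdict, together with its MD5 and path.
# Constructed sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = "\n".join([
    r"13:56:42.0643 2976 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe",
    r"13:56:42.0784 2976 Secunia PSI Agent - ok",
    r"13:56:52.0253 2976 [ B7A165DDC6B2C8ACCFD5986933940285 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe",
    r"13:56:52.0300 2976 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning",
    r"13:56:52.0300 2976 UI Assistant Service - detected UnsignedFile.Multi.Generic (1)",
    r"13:56:52.0331 2976 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe",
    r"13:56:52.0425 2976 UI0Detect - ok",
    r"13:57:03.0625 2976 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll",
    r"13:57:19.0709 4456 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"13:57:19.0709 4456 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])

# "<time> <pid> [ MD5 ] <optional object name> <path>"; the name may contain spaces,
# so the path is recognised by its drive letter or \Device\ prefix.
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>(?:[A-Za-z]:\\|\\Device\\)\S.*)$"
)
OK_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - ok$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<action>.+)$")
DETECTED_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")

# Assumption for this example: verdicts with these prefixes only say "no valid digital
# signature" (TDSSKiller's UnsignedFile.Multi.Generic), not "matches known malware".
SIGNATURE_ONLY_PREFIXES: Tuple[str, ...] = ("UnsignedFile.",)


def is_signature_only(verdict: str) -> bool:
    """True when the verdict reports a missing signature rather than a malicious file."""
    return verdict.startswith(SIGNATURE_ONLY_PREFIXES)


def parse_inventory(text: str) -> Dict[str, Dict[str, str]]:
    """Map every scanned object (service, driver, or bare file) to its MD5 and path."""
    inventory: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            name = m.group("name") or m.group("path")
            inventory[name] = {"md5": m.group("md5"), "path": m.group("path")}
    return inventory


def parse_findings(text: str) -> List[Dict[str, object]]:
    """One record per (object, verdict), with MD5/path from the inventory and every
    action TDSSKiller logged for it (warning, skipped by user, ...)."""
    inventory = parse_inventory(text)
    findings: Dict[Tuple[str, str], Dict[str, object]] = {}
    for line in text.splitlines():
        line = line.strip()
        m = DETECTED_RE.match(line) or VERDICT_RE.match(line)
        if not m:
            continue
        key = (m.group("name"), m.group("verdict"))
        entry = inventory.get(key[0], {})
        record = findings.setdefault(key, {
            "name": key[0],
            "verdict": key[1],
            "md5": entry.get("md5"),
            "path": entry.get("path"),
            "signature_only": is_signature_only(key[1]),
            "actions": [],
        })
        action = m.groupdict().get("action")
        if action:
            record["actions"].append(action)
    return list(findings.values())


def summarize(text: str) -> Dict[str, int]:
    """Counts for a quick read of the log: objects scanned, clean, and flagged by class."""
    findings = parse_findings(text)
    clean = sum(1 for line in text.splitlines() if OK_RE.match(line.strip()))
    return {
        "scanned": len(parse_inventory(text)),
        "clean": clean,
        "signature_only": sum(1 for f in findings if f["signature_only"]),
        "other": sum(1 for f in findings if not f["signature_only"]),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for f in parse_findings(SAMPLE_LOG):
        print(f"{f['verdict']}: {f['name']} -> {f['path']} md5={f['md5']} actions={f['actions']}")
```

Feed it the complete log instead of SAMPLE_LOG and the "other" counter is the one to watch: anything there is a real malware verdict, while the "signature_only" entries are the list of unsigned vendor binaries to verify by hash (against the vendor's download or a public hash lookup) before deciding whether "skip" was the right answer.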
11.02.2013, 14:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow Everything looks fairly inconspicuous so far. Why GMER thinks something is hidden there I don't know yet, but drive Q is that Office thing from MS.... adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
Then a check with OTL, please: |
11.02.2013, 16:18 | #7 |
| GMER reports "hidden rootkit activity" & computer slow Hi Cosinus, yes, that's somehow the downside of preinstalled Windows, you suddenly find all sorts of programs you don't know (and often don't need) - when I click on Q I don't get access either, the drive is "protected". So far I hadn't felt fit enough to simply reinstall Windows so that everything really works afterwards (see hardware drivers etc.). AdwCleaner ran without problems, but had to restart once. Being clever, I first did "Search" and then "Delete" (those who can read have a clear advantage), so there are 2 log files. Search: Code:
# AdwCleaner v2.112 - File created on 11/02/2013 at 14:52:27
# Updated on 10/02/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : ... - NETBOOK
# Boot mode : Normal
# Running from : C:\Users\...\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

Folder Found : C:\Users\...\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (de)

File : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\88ttsqn5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [868 octets] - [11/02/2013 14:52:27]

########## EOF - C:\AdwCleaner[R1].txt - [927 octets] ##########
Code:
# AdwCleaner v2.112 - File created on 11/02/2013 at 14:53:39
# Updated on 10/02/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : ... - NETBOOK
# Boot mode : Normal
# Running from : C:\Users\...\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder Deleted : C:\Users\...\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (de)

File : C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\88ttsqn5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [995 octets] - [11/02/2013 14:52:27]
AdwCleaner[S1].txt - [929 octets] - [11/02/2013 14:53:39]

########## EOF - C:\AdwCleaner[S1].txt - [988 octets] ##########
OTL.txt Code:
ATTFilter OTL logfile created on: 2/11/2013 3:06:39 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.18 Mb Total Physical Memory | 203.35 Mb Available Physical Memory | 20.05% Memory free 2.99 Gb Paging File | 1.95 Gb Available in Paging File | 65.21% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 56.20 Gb Free Space | 70.26% Space Free | Partition Type: NTFS Drive D: | 54.03 Gb Total Space | 43.03 Gb Free Space | 79.64% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited) PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS) PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) 
PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\ZTE Join Air\AssistantServices.exe () ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll () MOD - C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll () MOD - C:\Program 
Files\ASUS\ASUS WebStorage\EcaremeDLL.dll () MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (UI Assistant Service) -- C:\Program Files\ZTE Join Air\AssistantServices.exe () ========== Driver Services (SafeList) ========== DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\zteusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (w800bus) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\SearchScopes\{CC0BF2FC-B6AD-4033-BB3D-147016CEB22D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013/01/29 20:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:16:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/09 16:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2013/01/31 22:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions
[2012/10/16 16:44:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/05/19 09:20:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013/01/22 19:46:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\88ttsqn5.default\extensions\firefox@ghostery.com
[2013/01/31 10:36:39 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/31 22:54:06 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\88ttsqn5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/06 22:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/29 20:09:28 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013/02/06 22:16:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-268967856-1830572098-4256470926-1000\..Trusted Domains: secunia.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1F17EB-9944-41B8-B902-3562B5878363}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF68EEF1-8832-40C0-A48F-CD51ED10B0FD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2030/01/01 22:36:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/02/11 12:58:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2013/02/11 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\mbar-1.01.0.1020
[2013/02/09 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Logs
[2013/02/08 17:16:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/08 17:10:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMAPI32.OCX
[2013/02/08 17:03:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCOMCT2.OCX
[2013/02/08 17:03:35 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCMCDE.DLL
[2013/02/08 17:03:35 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL
[2013/02/08 17:03:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCC2DE.DLL
[2013/02/08 17:03:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPIDE.DLL
[2013/02/08 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/02/06 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/05 16:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/05 16:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/29 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/29 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013/01/29 16:32:12 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Secunia PSI
[2013/01/29 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/01/29 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2013/01/29 13:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/29 13:21:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/29 13:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/29 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Programs
[2013/01/29 12:59:20 | 000,000,000 | ---D | C] -- C:\windows\System32\x64
[2013/01/29 12:56:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/29 12:56:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rdpvideominiport.sys
[2013/01/29 12:56:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/29 12:56:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RdpGroupPolicyExtension.dll
[2013/01/29 12:56:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2013/01/29 12:56:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsRdpWebAccess.dll
[2013/01/29 12:56:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013/01/29 12:56:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2013/01/29 12:56:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprtPS.dll
[2013/01/29 12:56:16 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2013/01/29 12:56:16 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2013/01/29 12:56:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpudd.dll
[2013/01/29 12:56:16 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpendp_winip.dll
[2013/01/29 12:56:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWbPrxy.exe
[2013/01/29 12:56:14 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorets.dll
[2013/01/29 12:51:16 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2013/01/29 12:51:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2013/01/29 12:49:54 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2013/01/29 12:49:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2013/01/29 12:49:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2013/01/29 12:44:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2013/01/29 12:44:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2013/01/29 12:44:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2013/01/29 12:44:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2013/01/29 12:43:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2013/01/29 12:43:46 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OxpsConverter.exe
[2013/01/29 12:43:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2013/01/29 12:43:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs
[2013/01/29 12:43:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs
[2013/01/29 12:43:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs
[2013/01/29 12:43:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs
[2013/01/29 12:43:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs
[2013/01/29 12:43:25 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2013/01/29 12:43:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll
[2013/01/29 12:43:25 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs
[2013/01/29 12:43:25 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs
[2013/01/29 12:43:25 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs
[2013/01/29 12:43:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs
[2013/01/29 12:43:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs
[2013/01/29 12:43:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs
[2013/01/29 12:43:23 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs
[2013/01/29 12:43:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs
[2013/01/29 12:43:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs
[2013/01/29 12:42:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2013/01/29 12:42:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2013/01/29 12:42:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2013/01/29 12:42:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013/01/29 12:41:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/29 12:41:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/29 12:41:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/29 12:41:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/29 12:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/29 12:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/29 12:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/29 12:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/29 12:41:04 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2013/01/29 12:38:06 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/01/24 14:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/01/21 14:10:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013/01/21 14:10:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013/01/21 14:07:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/01/21 14:07:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/01/21 14:07:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/01/21 14:07:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/01/21 14:07:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/01/21 14:07:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/01/21 14:07:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/01/21 14:07:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/01/21 13:58:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/01/21 13:57:41 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2013/01/21 13:56:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2013/01/21 13:55:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2013/01/21 13:53:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/02/11 15:03:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 15:03:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 14:56:28 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2013/02/11 14:55:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/11 14:55:40 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 14:47:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 14:41:11 | 000,587,659 | ---- | M] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/11 13:20:30 | 135,199,968 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/02/11 13:01:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\...\Desktop\tdsskiller.exe
[2013/02/11 12:59:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\...\Desktop\aswMBR.exe
[2013/02/11 11:51:45 | 013,711,621 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 01:31:51 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2013/02/08 17:12:16 | 000,365,568 | ---- | M] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:10:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 16:47:58 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/02/08 16:47:58 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/02/05 18:08:14 | 000,644,310 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/05 18:08:14 | 000,607,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/05 18:08:14 | 000,126,580 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/05 18:08:14 | 000,103,754 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/05 16:25:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/05 13:30:54 | 000,002,286 | -H-- | M] () -- D:\...\Eigene Dokumente\Default.rdp
[2013/01/29 19:48:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:08 | 000,000,932 | ---- | M] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:40:33 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013/01/29 16:32:03 | 000,001,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 14:40:17 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\windows\System32\+npDeployJava1.dll
[2013/01/29 14:40:17 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013/01/29 13:21:46 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 13:06:40 | 000,272,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/24 14:59:16 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2030/01/01 22:36:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/02/11 13:20:30 | 135,199,968 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/02/11 11:49:57 | 013,711,621 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 01:31:29 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2013/02/08 17:19:52 | 000,587,659 | ---- | C] () -- C:\Users\...\Desktop\adwcleaner.exe
[2013/02/08 17:12:10 | 000,365,568 | ---- | C] () -- C:\Users\...\Desktop\gmer_2.0.18454.exe
[2013/02/08 17:03:48 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013/02/08 17:03:39 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2013/02/05 16:25:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 16:19:15 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/05 16:19:15 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 19:48:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/29 19:43:07 | 000,000,932 | ---- | C] () -- C:\Users\...\Desktop\IrfanView.lnk
[2013/01/29 19:42:41 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 16:32:03 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/01/29 16:32:03 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/01/29 13:21:46 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/01/29 12:51:22 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/29 12:49:51 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/24 14:59:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/24 14:59:16 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/03/30 18:13:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012/03/30 18:13:10 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/01/19 19:48:26 | 000,061,678 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JPR.{PB
[2012/01/19 19:48:26 | 000,012,358 | ---- | C] () -- C:\Users\...\AppData\Roaming\PFP120JCM.{PB
[2011/12/14 10:48:47 | 000,065,536 | ---- | C] () -- C:\windows\System32\HPPLVS.dll
[2011/12/13 00:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/07 16:23:31 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 2/11/2013 3:06:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.18 Mb Total Physical Memory | 203.35 Mb Available Physical Memory | 20.05% Memory free
2.99 Gb Paging File | 1.95 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 56.20 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive D: | 54.03 Gb Total Space | 43.03 Gb Free Space | 79.64% Space Free | Partition Type: NTFS

Computer Name: NETBOOK | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-268967856-1830572098-4256470926-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03386B1F-803A-4186-8DA4-D323B4071C9E}" = rport=139 | protocol=6 | dir=out | app=system |
"{14A6C1E0-851E-4969-8896-F9441085CF6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{205CE3F2-78DF-4DA9-8B46-609A5118BE24}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DD939B7-AAB7-483E-95D7-6F9BDF2BB99A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A6065F1-83C8-439B-BD83-70D2F82CB5C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4C4CDE39-CBA8-4F93-838D-2580F67AB958}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57369344-79A8-4092-A134-192392D9BCB1}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B28C47A-0ED4-4307-BBFC-448C13181989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FE02CD4-B385-4CD8-85CD-7DE53C93BEB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93EF180A-DC0C-4C4B-B3E9-E79B0DEA3649}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF78E807-09D9-490A-BEDB-239192A3CE47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C164C7A6-7062-494A-ABE7-95A9FBC3D231}" = rport=137 | protocol=17 | dir=out | app=system |
"{CB34B017-5E1C-45A4-9040-36CDF7F601FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB0A60B-5A38-4AF5-9BF8-A5DA11A05BF3}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1171A6D4-B8ED-4768-9E63-1879953FCAEE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{286DC0BC-9132-4FB2-A61C-881DFE9BC8D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{391A479A-30B5-4C56-9C20-793828867B9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5BEACA52-A999-40E9-B412-B3321D83D6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6208F3D2-72B6-4990-B6F6-0D807A9C6F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A80E8CDB-97AC-4F17-9F03-52CB09ECF51F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DC3252B4-E1F6-4A61-ADB3-8D2FD16877B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "TCP Query User{03FCA698-A1F5-4494-B668-728880C2E613}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "TCP Query User{77038D20-2671-4CCC-B213-A7DE7F183F1D}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "UDP Query User{AC10CA33-B936-4CE0-921B-AB47D8859A28}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | "UDP Query User{D8B7EA4E-8324-4870-8EDD-16F508C435B3}C:\program files\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "Edraw Mind Map_is1" = Edraw Mind Map V4 "Eee Docking_is1" = Eee Docking 3.7.0 "FileZilla Client" = FileZilla Client 3.5.3 "Foxit Reader_is1" = Foxit Reader "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Secunia PSI" = Secunia PSI (3.0.0.6001) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TreeSize Free_is1" = TreeSize Free V2.6 "VLC media player" = VLC media player 2.0.5 "VoipDiscount_is1" = VoipDiscount "Watermark Image_is1" = Watermark Image software version 2.1.4.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/21/2012 6:24:58 AM | Computer Name = Netbook | Source = Application Hang | ID = 1002 Description = Programm PDFCreator.exe, Version 1.2.0.3 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 160c Startzeit: 01cd97e306c78209 Endzeit: 78 Anwendungspfad: C:\Program Files\PDFCreator\PDFCreator.exe Berichts-ID: 8bb9a07f-03d6-11e2-914d-20cf3057c295 Error - 9/21/2012 11:02:10 AM | Computer Name = Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.1.3.1201, Zeitstempel: 0x4ed6f47d Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7b71c Ausnahmecode: 0xc0000409 Fehleroffset: 0x000ab772 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cd9809f0b6161f Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll Berichtskennung: 50d7231b-03fd-11e2-914d-20cf3057c295 Error - 10/17/2012 6:33:11 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 10/24/2012 9:44:35 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport. Error - 10/25/2012 8:13:41 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 11/24/2012 9:10:46 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. 
Error - 11/26/2012 7:40:28 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 11/27/2012 4:57:33 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 11/28/2012 3:59:09 PM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 11/29/2012 9:51:47 AM | Computer Name = Netbook | Source = CVHSVC | ID = 100 Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport. [ System Events ] Error - 2/10/2013 11:50:40 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/10/2013 11:51:14 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error - 2/10/2013 11:51:15 AM | Computer Name = Netbook | Source = DCOM | ID = 10005 Description = Error - 2/10/2013 11:51:15 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 2/10/2013 6:13:59 PM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/11/2013 4:37:00 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/11/2013 8:21:03 AM | Computer Name = Netbook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?02.?2013 um 13:19:17 unerwartet heruntergefahren. Error - 2/11/2013 8:21:03 AM | Computer Name = NETBOOK | Source = BugCheck | ID = 1001 Description = Error - 2/11/2013 8:21:43 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/11/2013 9:56:51 AM | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
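The firewall section of the OTL report above is the part of the log that most repays a second look when a machine is suspected of being infected: every entry under `FirewallPolicy\FirewallRules` with `dir=in` is a hole in the host firewall, and entries whose name begins with `TCP Query User` / `UDP Query User` were created when somebody clicked "Allow" on the Windows Firewall popup rather than by an installer. The following script is an added example, not part of the thread or of OTL; it parses rule lines in the format OTL prints, drops rules bound to `system`, to a Windows service (`svc=`) or to a binary under `%systemroot%`/`C:\Windows`, and reports the remaining inbound allow rules for third-party executables together with where they came from. The sample lines are a constructed excerpt in the same format as the log above; the classification of "Windows binary" is the example's own heuristic.

```python
"""Triage inbound firewall rules from an OTL 'FirewallRules' dump.

Added example: flags inbound allow rules that are bound to third-party
executables and notes which ones came from a user clicking "Allow" on
the Windows Firewall prompt (rule names starting with 'TCP Query User'
or 'UDP Query User').
"""
import re
from dataclasses import dataclass

# Constructed excerpt in OTL's FirewallRules format (not the full log).
SAMPLE_LOG = r'''
"{14A6C1E0-851E-4969-8896-F9441085CF6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C4CDE39-CBA8-4F93-838D-2580F67AB958}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BEACA52-A999-40E9-B412-B3321D83D6C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC3252B4-E1F6-4A61-ADB3-8D2FD16877B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"TCP Query User{03FCA698-A1F5-4494-B668-728880C2E613}C:\program files\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount\voipdiscount.exe |
"{93EF180A-DC0C-4C4B-B3E9-E79B0DEA3649}" = rport=445 | protocol=6 | dir=out | app=system |
'''

# One rule per line: "<name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {'1': 'icmpv4', '6': 'tcp', '17': 'udp', '58': 'icmpv6'}
# Heuristic (example's own assumption): paths under these prefixes are
# treated as Windows components rather than third-party software.
WINDOWS_PREFIXES = ('%systemroot%', 'c:\\windows')


@dataclass
class Rule:
    name: str
    fields: dict

    @property
    def app(self) -> str:
        return self.fields.get('app', '').lower()

    @property
    def inbound(self) -> bool:
        return self.fields.get('dir') == 'in'

    @property
    def protocol(self) -> str:
        raw = self.fields.get('protocol')
        return PROTOCOLS.get(raw, raw or 'any')

    @property
    def from_user_prompt(self) -> bool:
        # Windows names prompt-created rules "TCP Query User{GUID}<path>".
        return self.name.startswith(('TCP Query User', 'UDP Query User'))

    @property
    def windows_binary(self) -> bool:
        return (self.app == 'system'
                or self.app.startswith(WINDOWS_PREFIXES)
                or 'svc' in self.fields)


def parse_rules(text: str) -> list:
    """Parse OTL-style rule lines; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group('body').split('|'):
            part = part.strip()
            if '=' in part:
                key, value = part.split('=', 1)
                fields[key.strip()] = value.strip()
        rules.append(Rule(m.group('name'), fields))
    return rules


def inbound_third_party(rules: list) -> list:
    """Inbound rules bound to an executable that is not a Windows component."""
    return [r for r in rules if r.inbound and r.app and not r.windows_binary]


def report(rules: list) -> list:
    """Human-readable lines: protocol, local port, binary, rule origin."""
    lines = []
    for r in inbound_third_party(rules):
        origin = 'user clicked Allow' if r.from_user_prompt else 'installer/manual'
        port = r.fields.get('lport', 'any')
        lines.append(f'{r.protocol:6} port {port:5} <- {r.app}  [{origin}]')
    return lines


if __name__ == '__main__':
    print('\n'.join(report(parse_rules(SAMPLE_LOG))))
```

Run against a full OTL log the script lists the binaries that are reachable from the network; in the log above that is Skype, VoipDiscount and the HP printer helper, the last being excluded here only because it lives under `C:\Windows`. Anything in that list the user does not recognise is worth a look before deciding whether a reinstall is needed.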
11.02.2013, 23:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow Windows preinstalled by the manufacturer is often cluttered with all sorts of bundled extras. But there is a remedy for that if you want => http://www.trojaner-board.de/100776-...tml#post676887
__________________ Please always post log files in CODE tags |
12.02.2013, 14:05 | #9 |
| GMER reports "hidden rootkit activity" & computer slow Hi Cosinus, thank you very much for the link to the guide! I think I'll do that as well (the ISO download is already running); my netbook will probably be faster again afterwards too. I just need to check whether I have all the drivers and which manufacturer tools I'd rather do without (they're listed alongside the driver download). Do you actually have to do a BIOS update before installing Win7? Since everything has worked fine with the BIOS so far, I'd rather skip it (especially because I just found a post where someone wrecked his chip with the BIOS update). OK, but otherwise the netbook is fine, right? I just wanted to make sure that I don't immediately ruin the fresh Vista installation on the PC by upgrading it from the netbook & plugging it in right away. Many thanks in advance for your patient help! Regards, me. |
12.02.2013, 14:15 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow Quote:
__________________ Please always post log files in CODE tags |
12.02.2013, 15:50 | #11 | |
| GMER reports "hidden rootkit activity" & computer slow Hi Cosinus! Quote:
I find that a bit confusing anyway; the most practical thing would be a driver export function from the current installation, since the current drivers all work! Many thanks! Regards, me. |
12.02.2013, 15:56 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow BIOS updates are generally only recommended when you really have problems. And it really isn't meant for laypeople like Grandma Lieschen to just go and reflash the BIOS.
__________________ Please always post log files in CODE tags |
12.02.2013, 16:18 | #13 |
| GMER reports "hidden rootkit activity" & computer slow Hi Cosinus, thanks for the explanation! I wouldn't have updated the BIOS on my own anyway, don't worry! I can think of a second reason why I asked: an Asus guide for the Windows 7 self-upgrade (the only Asus guide I found at all regarding driver installation order) said that when upgrading from Win XP to Win 7 you should update the BIOS via ASUS Update. Regards, me. |
12.02.2013, 16:47 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER reports "hidden rootkit activity" & computer slow Which Asus board exactly do you have?
__________________ Please always post log files in CODE tags |
12.02.2013, 17:19 | #15 |
| GMER reports "hidden rootkit activity" & computer slow Hi Cosinus, if I looked it up correctly, it's probably an Asus 1005PX (does that sound right?). Regards, me. |