
Log analysis and evaluation: Computer slow, Internet sluggish - suspicion ... but of what?

23.02.2013, 23:33   #1
FSt_CH
 
Hello dear helpers,
I'm currently trying to teach a system some manners again, but somehow I'm not getting anywhere. Could someone with more expertise help me ...
Thank you all!

OTL.txt
Code:
OTL logfile created on: 23.02.2013 21:51:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,26% Memory free
6,22 Gb Paging File | 5,15 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,27 Gb Total Space | 316,41 Gb Free Space | 71,06% Space Free | Partition Type: NTFS
Drive D: | 20,48 Gb Total Space | 11,35 Gb Free Space | 55,39% Space Free | Partition Type: FAT32
 
Computer Name: BARBARA-PC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 20:38:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2013.02.15 22:50:20 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 07:21:20 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013.02.14 06:28:40 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.10 06:42:54 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013.01.10 06:42:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 06:42:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.10 05:54:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.10 05:53:54 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 05:52:58 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 05:52:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.10.29 16:32:24 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3134.40006__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:24 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3134.39961__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:24 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3134.40009__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3134.39999__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3134.39983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3134.40143__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:23 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3134.40198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:23 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3134.40224__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:23 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3134.40169__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:23 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3134.40134__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:23 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3134.40197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:23 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3134.40199__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3134.40135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:23 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3134.40160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3134.39977__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3134.40222__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3134.40125__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3134.40133__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3134.40196__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:23 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3134.40096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:22 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3134.40100__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3134.40149__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.10.29 16:32:22 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3134.40010__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:22 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3134.40119__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:22 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3134.40099__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3134.40118__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:21 | 000,794,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3134.40162__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3134.40127__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3134.40011__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3134.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3134.39985__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.29 16:32:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3134.40097__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3134.40017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.29 16:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3134.40121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.29 16:32:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.29 16:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.29 16:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.29 16:32:21 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.29 16:32:20 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.29 16:32:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.29 16:32:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.29 16:32:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3119.30167__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008.10.29 16:32:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.29 16:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.29 16:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.29 16:32:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.29 16:32:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.29 16:32:19 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3134.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.10.29 16:32:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3134.39953_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll
MOD - [2008.10.29 16:32:19 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3134.40175_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.10.29 16:32:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3134.40215__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.29 16:32:17 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3134.40186__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.29 16:32:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3134.40183__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.29 16:32:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.29 16:32:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.29 16:32:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.29 16:32:17 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.10.29 16:32:17 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.10.29 16:32:17 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3134.39948__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.29 16:32:16 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3134.39970__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.29 16:32:16 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3134.40175__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.10.29 16:32:16 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3134.39992__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.29 16:32:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3134.39952__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.29 16:32:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3134.39950__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.29 16:32:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3134.39953__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.10.29 16:32:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3134.39951__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.29 16:32:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.29 16:32:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3134.39948__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.29 16:32:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.29 16:32:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.29 16:32:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.10.29 16:32:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3134.40186__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.29 16:32:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.29 16:32:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.29 16:32:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.08.01 05:47:26 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.19 19:34:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 22:52:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.12 19:52:42 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva369.sys -- (XDva369)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2013.02.23 20:19:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45D00B63-09F1-4DDD-AD1B-8447314FDF2E}\MpKsl23b0fd36.sys -- (MpKsl23b0fd36)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.01.29 16:16:46 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\12714142.sys -- (12714142)
DRV - [2009.10.09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\1271414.sys -- (setup_9.0.0.722_28.03.2011_20-19drv)
DRV - [2009.09.25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\12714141.sys -- (12714141)
DRV - [2008.08.01 07:40:26 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB32683C-7CA1-43ED-930E-1DEDC56F3828}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=2FFBD4FE-ED3F-46F7-8D70-A4A47B7F7175&apn_sauid=E1916372-34B7-4B89-9E44-60D98BBCB5C3
IE - HKCU\..\SearchScopes\{FFEA446B-3480-4028-B112-A43FE95411AA}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: player%40portalarium.com:1.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677}:3.2.5.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Barbara\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Barbara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.19 19:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.19 19:33:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.19 19:34:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.19 19:33:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2010.09.13 15:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\mozilla\Extensions
[2013.02.23 17:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\ho8xagtp.default\extensions
[2010.09.18 12:01:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\ho8xagtp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.10 16:24:05 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\Barbara\AppData\Roaming\mozilla\Firefox\Profiles\ho8xagtp.default\extensions\player@portalarium.com
[2013.02.19 19:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.19 19:33:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.19 19:34:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.19 19:20:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.19 19:20:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.19 19:20:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.19 19:20:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.19 12:44:03 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013.01.19 19:20:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.19 19:20:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Barbara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{546774AC-92DC-4716-A36B-31345848C099}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (BdInstHk.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 20:38:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013.02.23 20:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.02.23 20:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.02.23 20:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.23 18:39:47 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2013.02.23 18:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 18:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 18:39:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.23 18:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.23 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013.02.23 16:35:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.02.19 19:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.18 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.02.14 13:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.14 13:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 21:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.23 21:45:40 | 000,000,000 | ---- | M] () -- C:\Users\Barbara\defogger_reenable
[2013.02.23 21:40:00 | 000,050,477 | ---- | M] () -- C:\Users\Barbara\Desktop\Defogger.exe
[2013.02.23 21:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 21:02:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:02:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 20:55:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360064170-498792875-4113823621-1000UA.job
[2013.02.23 20:38:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2013.02.23 20:19:35 | 000,001,748 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.02.23 19:09:23 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.23 19:09:23 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.23 19:09:23 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.23 19:09:23 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.23 19:02:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 19:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 19:02:05 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 18:39:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 16:37:12 | 000,246,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.23 16:35:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013.02.23 16:35:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.02.22 22:55:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360064170-498792875-4113823621-1000Core.job
[2013.02.21 21:42:02 | 000,076,806 | ---- | M] () -- C:\Users\Barbara\Documents\13117_483421801721531_1813596247_n.jpg
[2013.02.18 21:11:20 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.14 13:14:47 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.29 00:33:23 | 000,013,837 | ---- | M] () -- C:\Users\Barbara\Documents\Arbeitsamt Recklinghausen.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 21:45:40 | 000,000,000 | ---- | C] () -- C:\Users\Barbara\defogger_reenable
[2013.02.23 21:40:00 | 000,050,477 | ---- | C] () -- C:\Users\Barbara\Desktop\Defogger.exe
[2013.02.23 20:19:35 | 000,001,748 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.02.23 18:39:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.23 16:35:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013.02.23 16:35:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013.02.23 15:59:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.23 15:59:47 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.23 15:56:42 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.02.23 15:56:42 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.02.23 15:56:42 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.02.21 21:41:59 | 000,076,806 | ---- | C] () -- C:\Users\Barbara\Documents\13117_483421801721531_1813596247_n.jpg
[2013.02.18 21:04:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.02.18 20:45:49 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.11.14 09:04:44 | 000,000,680 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d9caps.dat
[2011.05.23 11:59:49 | 000,000,552 | ---- | C] () -- C:\Users\Barbara\AppData\Local\d3d8caps.dat
[2010.08.24 16:24:12 | 000,000,000 | ---- | C] () -- C:\Users\Barbara\__ng3d.lock
[2009.10.21 21:42:12 | 000,033,460 | ---- | C] () -- C:\Users\Barbara\AppData\Local\slot1.mm1
[2009.06.25 17:01:59 | 000,026,112 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.05 11:41:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.10.31 18:27:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ashtons Family Resort
[2009.08.02 16:19:02 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Boolat Games
[2012.10.19 13:37:54 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Dropbox
[2009.07.07 15:25:17 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FashionCrazeDe
[2012.03.09 14:13:32 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FOG Downloader
[2009.10.08 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Friday's games
[2009.08.11 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GameInvest
[2010.08.19 11:57:25 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GamesCafe
[2011.06.25 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\gamigoGr
[2012.04.02 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Gyazo
[2009.07.02 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Janes_Realty
[2012.12.24 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Kalydo
[2011.06.25 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\launcher
[2010.11.18 15:07:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\LolClient
[2011.06.25 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Martial Empires Launcher
[2009.07.18 15:00:11 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Merscom
[2009.10.25 18:53:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\My Games
[2009.06.23 21:58:02 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\OpenOffice.org
[2012.10.23 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Opera
[2009.06.24 12:04:44 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PetShowCraze
[2009.12.24 00:13:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PlayFirst
[2009.10.10 17:28:41 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PoBros
[2009.09.25 12:31:03 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Saved Games
[2009.10.04 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SecondLife
[2009.10.13 12:03:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SecretIslandDeuBF
[2012.12.12 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TeamViewer
[2012.07.10 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Unity
[2009.08.05 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\World-LooM
[2011.07.13 13:39:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Barbara\Documents\03.10.2012 008.AVI:TOC.WMV

< End of report >
         

23.02.2013, 23:35   #2
FSt_CH

Gmer.txt
Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-23 23:19:14
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AACS-00G8B1 rev.05.04C05 465,76GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\Barbara\AppData\Local\Temp\uxliyfog.sys


---- System - GMER 2.1 ----

SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAcceptConnectPort [0x81FC3E8E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheck [0x81E342D5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckAndAuditAlarm [0x81FFC541]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckByType [0x81E36020]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckByTypeAndAuditAlarm [0x81FF414A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckByTypeResultList [0x81EE9E5E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckByTypeResultListAndAuditAlarm [0x820A95E9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x820A9632]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAddAtom [0x81FC4058]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAddBootEntry [0x820BEF56]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAddDriverEntry [0x820C01FA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAdjustGroupsToken [0x81FFC93C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAdjustPrivilegesToken [0x81FF95E2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlertResumeThread [0x8209C591]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlertThread [0x820151F5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAllocateLocallyUniqueId [0x81FCA57C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAllocateUserPhysicalPages [0x8208DC53]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAllocateUuids [0x81FAAA3C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAllocateVirtualMemory [0x8205147D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcAcceptConnectPort [0x81FF3720]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCancelMessage [0x81FBD85D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcConnectPort [0x81FF3824]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCreatePort [0x81FC3976]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCreatePortSection [0x81FE5D5D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCreateResourceReserve [0x81FB926B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCreateSectionView [0x81FE5B2D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcCreateSecurityContext [0x81FED97F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcDeletePortSection [0x81FE5EF7]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcDeleteResourceReserve [0x820894BF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcDeleteSectionView [0x81FFE44B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcDeleteSecurityContext [0x81FFD175]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcDisconnectPort [0x81FFB5E8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcImpersonateClientOfPort [0x8200045F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcOpenSenderProcess [0x81FC4771]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcOpenSenderThread [0x81FC6315]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcQueryInformation [0x81FE2D56]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcQueryInformationMessage [0x8200190F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcRevokeSecurityContext [0x820895E4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcSendWaitReceivePort [0x82046942]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAlpcSetInformation [0x81FE22F8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwApphelpCacheControl [0x81FD722E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAreMappedFilesTheSame [0x8208A38B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAssignProcessToJobObject [0x81FC6B08]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCallbackReturn [0x81EB625C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCancelDeviceWakeupRequest [0x82097D4D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCancelIoFile [0x81FBA691]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCancelTimer [0x81E2D68B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwClearEvent [0x8203E1BB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwClose [0x82043C98]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCloseObjectAuditAlarm [0x81FFC466]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCompactKeys [0x8205D8B2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCompareTokens [0x81FBD505]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCompleteConnectPort [0x81FC3F0B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCompressKey [0x8205DB3D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwConnectPort [0x81FD6AF6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwContinue [0x81E57710]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateDebugObject [0x8206CD98]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateDirectoryObject [0x81FC953C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateEvent [0x8201BD47]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateEventPair [0x820C4610]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateFile [0x8204B2D1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateIoCompletion [0x81FD5932]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateJobObject [0x81FB4002]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateJobSet [0x8209E2FF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateKey [0x81FF80D0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateKeyTransacted [0x81F9DFA8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateMailslotFile [0x81FB0D94]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateMutant [0x820297A2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateNamedPipeFile [0x81FD7743]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreatePrivateNamespace [0x81F9C6CE]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreatePagingFile [0x81F5A1F4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreatePort [0x81F8EA37]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateProcess [0x8209AD71]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateProcessEx [0x8209ADBC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateProfile [0x820C4C8F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateSection [0x8203AD75]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateSemaphore [0x81FE0CEB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateSymbolicLinkObject [0x81FC931F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateThread [0x8209ABA4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateTimer [0x81FC3AD2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateToken [0x81FCB294]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateTransaction [0x81FAF758]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenTransaction [0x820AC9ED]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationTransaction [0x820ACBFC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationTransactionManager [0x81F7DA65]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrePrepareEnlistment [0x820AC324]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrepareEnlistment [0x820AC263]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCommitEnlistment [0x820AC3E5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReadOnlyEnlistment [0x820AC869]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRollbackComplete [0x820AC928]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRollbackEnlistment [0x820AC4A6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCommitTransaction [0x81FA04E2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRollbackTransaction [0x81F80728]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrePrepareComplete [0x820AC628]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrepareComplete [0x820AC567]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCommitComplete [0x820AC6E9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSinglePhaseReject [0x820AC7AA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationTransaction [0x820AD4D1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationTransactionManager [0x820ADD3B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationResourceManager [0x81F7E457]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateTransactionManager [0x81F82CA8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenTransactionManager [0x81F7E6DB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRenameTransactionManager [0x820ADB03]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRollforwardTransactionManager [0x820ADC70]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRecoverEnlistment [0x820ABDAC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRecoverResourceManager [0x81F8388D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRecoverTransactionManager [0x81F836D4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateResourceManager [0x81F83257]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenResourceManager [0x81F7DFA5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetNotificationResourceManager [0x81F838E1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationResourceManager [0x820AD8B7]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateEnlistment [0x81F7F9FC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenEnlistment [0x820ABBE3]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationEnlistment [0x820AC074]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationEnlistment [0x820ABE07]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateWaitablePort [0x81F83D04]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDebugActiveProcess [0x8206DCA0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDebugContinue [0x8206E365]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDelayExecution [0x8203CE36]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteAtom [0x81FBABB8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteBootEntry [0x820BEF87]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteDriverEntry [0x820C022B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteFile [0x81F79C5E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteKey [0x81FBB71F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeletePrivateNamespace [0x8209306D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteObjectAuditAlarm [0x82057E36]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeleteValueKey [0x81FB6CC0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDeviceIoControlFile [0x8205144A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDisplayString [0x81F58BE5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDuplicateObject [0x820014E1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwDuplicateToken [0x81FF8B16]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateBootEntries [0x820BF188]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateDriverEntries [0x820C042A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateKey [0x82006464]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateSystemEnvironmentValuesEx [0x820BED57]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateTransactionObject [0x820AD2BF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwEnumerateValueKey [0x81FDB360]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwExtendSection [0x8208C0A7]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFilterToken [0x81FB2F99]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFindAtom [0x81FBA911]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushBuffersFile [0x82014D9B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushInstructionCache [0x81FB8F41]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushKey [0x81F8D41C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushProcessWriteBuffers [0x81E21595]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushVirtualMemory [0x81FB69B4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushWriteBuffer [0x8208ECBC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFreeUserPhysicalPages [0x8208E385]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFreeVirtualMemory [0x81E8DF1D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFreezeRegistry [0x81ECC7B6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFreezeTransactions [0x820AD74C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFsControlFile [0x8204F066]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetContextThread [0x81F82A6A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetDevicePowerState [0x82097D7F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetNlsSectionPtr [0x81FB1229]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetPlugPlayEvent [0x81F9C42D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetWriteWatch [0x81EDAC64]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwImpersonateAnonymousToken [0x81FC3F15]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwImpersonateClientOfPort [0x81FDF0BA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwImpersonateThread [0x81FD950F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwInitializeNlsFiles [0x81FDA1BB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwInitializeRegistry [0x81F78AFF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwInitiatePowerAction [0x82097B58]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwIsProcessInJob [0x8205AC70]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwIsSystemResumeAutomatic [0x82097D63]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwListenPort [0x81F6960A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLoadDriver [0x81F74DEE]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLoadKey [0x81F66156]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLoadKey2 [0x81F5C9BC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLoadKeyEx [0x81F89843]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLockFile [0x81FCA608]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLockProductActivationKeys [0x81FAFD9A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLockRegistryKey [0x81F4A632]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwLockVirtualMemory [0x81E24D1B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMakePermanentObject [0x81FB21C4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMakeTemporaryObject [0x81FE06C6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMapUserPhysicalPages [0x8208CFE6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMapUserPhysicalPagesScatter [0x8208D55B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMapViewOfSection [0x8201983A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwModifyBootEntry [0x820BF157]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwModifyDriverEntry [0x820C03FB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwNotifyChangeDirectoryFile [0x81FF47B0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwNotifyChangeKey [0x81FC85CE]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwNotifyChangeMultipleKeys [0x81FC7A46]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenDirectoryObject [0x82029028]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenEvent [0x82002D5F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenEventPair [0x820C473F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenFile [0x8200F38D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenIoCompletion [0x82076695]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenJobObject [0x8209DFF7]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenKey [0x82011636]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenKeyTransacted [0x81F9DF4D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenMutant [0x8201AB01]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenPrivateNamespace [0x82059903]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenObjectAuditAlarm [0x81FA2F09]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenProcess [0x82029F3E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenProcessToken [0x8200A9C0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenProcessTokenEx [0x820077EA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenSection [0x8201A60D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenSemaphore [0x81FAEEE6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenSession [0x81FACBB6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenSymbolicLinkObject [0x81FE0535]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenThread [0x8202548F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenThreadToken [0x8202523D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenThreadTokenEx [0x82022146]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenTimer [0x820C439B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPlugPlayControl [0x81FB990F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPowerInformation [0x82012624]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrivilegeCheck [0x81FF3ED6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrivilegeObjectAuditAlarm [0x81F969A3]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPrivilegedServiceAuditAlarm [0x81FB9010]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwProtectVirtualMemory [0x82023272]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPulseEvent [0x8205B485]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryAttributesFile [0x820290E2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryBootEntryOrder [0x820BF639]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryBootOptions [0x820BFA97]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDebugFilterState [0x81EC6A05]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDefaultLocale [0x81FDA139]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDefaultUILanguage [0x81F9068A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDirectoryFile [0x820120A5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDirectoryObject [0x8201A6CE]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryDriverEntryOrder [0x820BFFAB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryEaFile [0x81F66177]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryEvent [0x81FBCA1F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryFullAttributesFile [0x81FDBADB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationAtom [0x81FBAA65]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationFile [0x8200A175]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationJobObject [0x81F92E77]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationPort [0x820885CD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationProcess [0x82016F69]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationThread [0x8203CEDB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationToken [0x82007915]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInstallUILanguage [0x81F90A0E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryIntervalProfile [0x820C518B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryIoCompletion [0x8207676C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryKey [0x82006F17]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryMultipleValueKey [0x8205D127]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryMutant [0x820C4A8E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryObject [0x81FEF35B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryOpenSubKeys [0x8205D383]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryOpenSubKeysEx [0x82054F3A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryPerformanceCounter [0x8203E0CD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryQuotaInformationFile [0x82077966]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySection [0x82029671]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySecurityObject [0x81FDDCFA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySemaphore [0x820BDF8C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySymbolicLinkObject [0x81FD0068]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySystemEnvironmentValue [0x820BE183]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySystemEnvironmentValueEx [0x820BE78F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySystemInformation [0x8203E209]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQuerySystemTime [0x82015156]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryTimer [0x820C446E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryTimerResolution [0x81FB9DBA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryValueKey [0x820268DE]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryVirtualMemory [0x8200A9E0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryVolumeInformationFile [0x8204EB8A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueueApcThread [0x81FBA85F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRaiseException [0x81E57758]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRaiseHardError [0x81F82178]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReadFile [0x82013CC5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReadFileScatter [0x81F8C155]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReadRequestData [0x8208868D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReadVirtualMemory [0x81FDB9B1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRegisterThreadTerminatePort [0x8209BC0A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReleaseMutant [0x8203CD1C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReleaseSemaphore [0x81FF16B0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRemoveIoCompletion [0x82016DD5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRemoveProcessDebug [0x8206DDEB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRenameKey [0x8205D62C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplaceKey [0x8205CF36]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplacePartitionUnit [0x81ED530F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplyPort [0x81FEA6F7]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplyWaitReceivePort [0x82042E30]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplyWaitReceivePortEx [0x82042CDF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReplyWaitReplyPort [0x82088863]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRequestPort [0x82015246]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRequestWaitReplyPort [0x8204CF12]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRequestWakeupLatency [0x82097AFB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwResetEvent [0x81FC1460]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwResetWriteWatch [0x81EDB3CD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRestoreKey [0x8205BD32]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwResumeProcess [0x8209C52B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwResumeThread [0x82024ADA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSaveKey [0x8205BEE9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSaveKeyEx [0x8205C087]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSaveMergedKeys [0x8205C25F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSecureConnectPort [0x81FD66CF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetBootEntryOrder [0x820BF888]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetBootOptions [0x820BFD8C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetContextThread [0x8209C03F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetDebugFilterState [0x81F474A8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetDefaultHardErrorPort [0x81F63758]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetDefaultLocale [0x81F90415]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetDefaultUILanguage [0x81F908EC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetDriverEntryOrder [0x820C083B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetEaFile [0x820773B2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetEvent [0x8203C384]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetEventBoostPriority [0x820BDBE9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetHighEventPair [0x820C4A1F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetHighWaitLowEventPair [0x820C4951]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationDebugObject [0x8206E52E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationFile [0x82002E2D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationJobObject [0x81FB3296]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationKey [0x8205CAD5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationObject [0x81FEF95F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationProcess [0x8201D868]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationThread [0x8200223D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationToken [0x81FCEC5E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetIntervalProfile [0x820C5168]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetIoCompletion [0x8200C519]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetLdtEntries [0x8209DCAB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetLowEventPair [0x820C49BC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetLowWaitHighEventPair [0x820C48E6]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetQuotaInformationFile [0x82077FB8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSecurityObject [0x81FC8FFD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSystemEnvironmentValue [0x820BE48D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSystemEnvironmentValueEx [0x820BEAB5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSystemInformation [0x81FEFE9B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSystemPowerState [0x820E30A1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetSystemTime [0x820BAAF9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetThreadExecutionState [0x81FB1116]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetTimer [0x81EB8AAF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetTimerResolution [0x81FBA4F5]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetUuidSeed [0x81F66A80]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetValueKey [0x81FE7382]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetVolumeInformationFile [0x82077FD2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwShutdownSystem [0x820BC42D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSignalAndWaitForSingleObject [0x81EC7F07]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwStartProfile [0x820C4EC8]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwStopProfile [0x820C50A1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSuspendProcess [0x8209C4CB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSuspendThread [0x81FA3921]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSystemDebugControl [0x82001E51]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTerminateJobObject [0x81FE1E22]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTerminateProcess [0x81FFA0D3]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTerminateThread [0x820254C4]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTestAlert [0x82023407]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwThawRegistry [0x81ECC81B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwThawTransactions [0x820AD833]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTraceEvent [0x81E34336]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTraceControl [0x81FF82DF]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwTranslateFilePath [0x820C0A47]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnloadDriver [0x82078824]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnloadKey [0x8205587B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnloadKey2 [0x82055895]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnloadKeyEx [0x8205C3F3]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnlockFile [0x81FCAA78]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnlockVirtualMemory [0x81E22A76]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwUnmapViewOfSection [0x82019AFD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwVdmControl [0x820B0F63]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForDebugEvent [0x8206E03B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForMultipleObjects [0x8203C905]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForSingleObject [0x8203B7AC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitHighEventPair [0x820C487D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitLowEventPair [0x820C4814]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWriteFile [0x8201C26A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWriteFileGather [0x8205AE40]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWriteRequestData [0x820886FA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWriteVirtualMemory [0x820168CD]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwYieldExecution [0x81E34992]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateKeyedEvent [0x81FC3560]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwOpenKeyedEvent [0x820C525D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReleaseKeyedEvent [0x82003C58]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForKeyedEvent [0x82003976]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryPortInformationProcess [0x8209B264]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetCurrentProcessorNumber [0x81FA3FEA]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForMultipleObjects32 [0x82091D4F]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetNextProcess [0x8209C6E0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetNextThread [0x8209C94D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCancelIoFileEx [0x82058FF9]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCancelSynchronousIoFile [0x820768FB]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRemoveIoCompletionEx [0x81FE4F5E]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwRegisterProtocolAddressInformation [0x81F7E95C]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPropagationComplete [0x820AFFD3]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwPropagationFailed [0x820B00A2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateWorkerFactory [0x81FC3C19]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReleaseWorkerFactoryWorker [0x81EB90CC]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWaitForWorkViaWorkerFactory [0x81EB8D66]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwSetInformationWorkerFactory [0x81E241C0]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryInformationWorkerFactory [0x81EEF201]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwWorkerFactoryWorkerReady [0x81E3CE7A]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwShutdownWorkerFactory [0x81FB01D1]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateThreadEx [0x82024F79]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwCreateUserProcess [0x81FD2BD2]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwQueryLicenseValue [0x81FD040B]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwMapCMFModule [0x81FD805D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwIsUILanguageComitted [0x81F90A89]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwFlushInstallUILanguage [0x81F90919]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwGetMUIRegistryInfo [0x81FDA76D]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwAcquireCMFViewOwnership [0x820C5375]
SSDT      \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        ZwReleaseCMFViewOwnership [0x820C553F]

INT 0x00  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E54940
INT 0x01  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E54AC0
INT 0x03  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E54F14
INT 0x04  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5509C
INT 0x05  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E551FC
INT 0x06  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E55370
INT 0x07  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E559E0
INT 0x09  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E55E08
INT 0x0A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E55F2C
INT 0x0B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5606C
INT 0x0C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E562CC
INT 0x0D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E565B4
INT 0x0E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E56CB8
INT 0x0F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x10  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E571A4
INT 0x11  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E572E4
INT 0x12  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x13  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57450
INT 0x14  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x15  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x16  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x17  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x18  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x19  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x1F  \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 821DACD0
INT 0x2A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5407A
INT 0x2B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E54200
INT 0x2C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5433C
INT 0x2D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E54DEC
INT 0x2E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53A3E
INT 0x2F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E57080
INT 0x30  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53100
INT 0x31  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5310A
INT 0x32  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53114
INT 0x33  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5311E
INT 0x34  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53128
INT 0x35  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53132
INT 0x36  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5313C
INT 0x37  \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                 821DA0E8
INT 0x38  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53150
INT 0x39  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5315A
INT 0x3A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53164
INT 0x3B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5316E
INT 0x3C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53178
INT 0x3D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53182
INT 0x3E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5318C
INT 0x3F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53196
INT 0x40  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531A0
INT 0x41  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531AA
INT 0x42  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531B4
INT 0x43  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531BE
INT 0x44  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531C8
INT 0x45  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531D2
INT 0x46  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531DC
INT 0x47  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531E6
INT 0x48  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531F0
INT 0x49  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E531FA
INT 0x4A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53204
INT 0x4B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5320E
INT 0x4C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53218
INT 0x4D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53222
INT 0x4E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5322C
INT 0x4F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53236
INT 0x50  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53240
INT 0x51  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5324A
INT 0x52  \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)             807AFF02
INT 0x53  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5325E
INT 0x54  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53268
INT 0x55  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53272
INT 0x56  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5327C
INT 0x57  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53286
INT 0x58  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53290
INT 0x59  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5329A
INT 0x5A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532A4
INT 0x5B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532AE
INT 0x5C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532B8
INT 0x5D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532C2
INT 0x5E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532CC
INT 0x5F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532D6
INT 0x60  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532E0
INT 0x61  \SystemRoot\system32\DRIVERS\serial.sys (Serieller Gerätetreiber/Microsoft Corporation)             8E9343FE
INT 0x62  \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)             807AFF02
INT 0x63  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E532FE
INT 0x64  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53308
INT 0x65  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53312
INT 0x66  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5331C
INT 0x67  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53326
INT 0x68  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53330
INT 0x69  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5333A
INT 0x6A  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53344
INT 0x6B  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5334E
INT 0x6C  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53358
INT 0x6D  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53362
INT 0x6E  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5336C
INT 0x6F  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53376
INT 0x70  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E53380
INT 0x71  \SystemRoot\system32\DRIVERS\serial.sys (Serieller Gerätetreiber/Microsoft Corporation)             8E9343FE
INT 0x72  \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)             807AFF02
INT 0x72  \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)             807AFF02
INT 0x72  \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)          8E8E6C0A
INT 0x72  \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)             807AFF02
INT 0x73  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E5339E
INT 0x74  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E533A8
INT 0x75  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E533B2
INT 0x76  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E533BC
INT 0x77  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E533C6
INT 0x78  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                        81E533D0

SYSENTER  \SystemRoot\system32\ntkrnlpa.exe                                                                   81E53B10

---- EOF - GMER 2.1 ----
         
__________________


25.02.2013, 16:39   #3
t'john
/// Helper Team
 





The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created along the way into your next reply.

If the OTL fix did not run through correctly, do not continue; please report this instead.

Step 1

Fixing with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva369.sys -- (XDva369)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Barbara\*.tmp
C:\Users\Barbara\AppData\*.dll
C:\Users\Barbara\AppData\*.exe
C:\Users\Barbara\AppData\Local\Temp\*.exe
C:\Users\Barbara\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
__________________

26.02.2013, 15:55   #4
FSt_CH
 



Hello t'john
Thanks for your help.

I have now tried twice to run OTL following your instructions; after a short time the program hangs with "Not responding". Each time I aborted after about 30 minutes and restarted the service.
Am I doing something wrong? Or did I need to do something else first?

27.02.2013, 11:45   #5
t'john
/// Helper Team
 



Try it in Safe Mode.

__________________
Regards, t'john

23.04.2013, 14:15   #6
t'john
/// Helper Team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.