Log analysis and evaluation: Vista - BKA trojan - blocked by group policy

23.06.2014, 22:32 | #1
Vista - BKA trojan - blocked by group policy

Hi! A variant of the BKA trojan has nested itself on my parents' laptop. After some research on the net I burned the Kaspersky Rescue Disk and threw the pest out of the system. So far, so good. However, neither Antivir nor Malwarebytes Anti-Malware can be started, uninstalled, opened, etc. on the machine. Every time, a message appears saying it is blocked by group policy. That is the current state of affairs. I hope you can help me out.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:00 on 23/06/2014 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Administrator (administrator) on JOSEF-PC on 23-06-2014 21:04:25
Running from C:\Users\Administrator\Downloads
Platform: Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Windows\System32\lpremove.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:07 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-23 21:04 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-23 21:03 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-23 20:47 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD

==================== One Month Modified Files and Folders =======

2014-06-23 21:07 - 2014-06-23 21:04 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:07 - 2007-11-25 21:09 - 01122012 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-23 21:03 - 2014-06-23 21:02 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-23 20:50 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 20:48 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 20:47 - 2014-06-22 15:22 - 00000740 _____ () C:\Windows\PFRO.log
2014-06-22 19:04 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-22 19:04 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:42 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:49 - 2010-12-20 14:03 - 00000000 ____D () C:\Program Files\IncrediMail_MediaBar_2
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:37 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:47 - 2014-06-17 20:45 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-23 20:53

==================== End Of Log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Administrator at 2014-06-23 21:08:26
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Application Installer 4.00.B14 (HKLM\...\{70CEFEBA-F757-4DBE-8A21-027C326137CE}) (Version: 4.00.B14 - Hewlett-Packard Company)
ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: - ATI Technologies, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM\...\AntiVir PersonalEdition Classic) (Version: - Avira GmbH)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0202.1934.34870 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Czech (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Danish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Dutch (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help English (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Finnish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help French (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help German (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Greek (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Italian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Japanese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Korean (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Polish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Russian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Spanish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Swedish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Thai (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Turkish (Version: 2007.0202.1933.34870 - ATI) Hidden
ccc-Branding (HKLM\...\{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0202.1934.34870 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.0202.1934.34870 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conduit Engine (HKLM\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Credential Manager for HP ProtectTools (HKLM\...\{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}) (Version: 2.5.0.880.13 - Hewlett-Packard)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Vista (HKLM\...\{DFE967A8-9C30-413C-B2D5-C0D576949553}) (Version: 1.0.10.1 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.)
Hidden Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden HP Active Support Library (Version: 2.0.9.1 - Hewlett-Packard) Hidden HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden HP BIOS Configuration for ProtectTools (HKLM\...\{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}) (Version: 3.00 C1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.0.0.2258 - Hewlett-Packard) HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard) HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 5.0.0.2258 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM\...\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}) (Version: 5.0.0.2258 - Hewlett-Packard) HP Help and Support (HKLM\...\{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}) (Version: 1.0.0 - Hewlett-Packard) HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP) HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4900 - HP) HP Notebook Accessories Product Tour (HKLM\...\{521F72F4-FFE4-4959-AA88-EED06125211F}) (Version: 13.0.0 - Hewlett-Packard) HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP) HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP) HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard) HP Quick Launch Buttons 6.20 F2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 F2 - Hewlett-Packard) HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP) HP Update 
(HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard) HP User Guides 0064 (HKLM\...\{E25AA53F-6878-4C64-8130-EB8D678DF303}) (Version: 1.03.0000 - Ihr Firmenname) HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard) HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname) IncrediMail MediaBar 2 Toolbar (HKLM\...\IncrediMail_MediaBar_2 Toolbar) (Version: 6.1.0.7 - IncrediMail MediaBar 2) <==== ATTENTION InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version: - ) InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden InterVideo WinDVD (HKLM\...\{3912A629-0020-0005-3131-2FBA74D4DF0A}) (Version: - ) InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1164 - InterVideo Inc.) Java 7 Update 10 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle) Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.) jose (HKLM\...\jose-chess) (Version: 1.3 - ) LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) 
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 
4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) 
(Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetCologne-Installationsdateien entfernen (HKLM\...\NetCologne) (Version: - ) OpenOffice.org 2.4 (HKLM\...\{1B14B0C3-2D60-477C-A1FE-B88E60948854}) (Version: 2.4.9286 - OpenOffice.org) PDF Complete (HKLM\...\PDF Complete) (Version: - ) Pegasus Mail (HKLM\...\Pegasus Mail) (Version: - David Harris) Pegasus Mail v4.51 R1 (Deutsche Komplettversion) (HKLM\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version: - Tech Soft GmbH) Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1008 - IncrediMail Ltd.) Photo Notifier and Animation Creator (Version: 1.0.0.1008 - Ihr Firmenname) Hidden Registry System Wizard.NET (HKLM\...\{110ED870-1DF3-4574-A679-E2C4A8163211}_is1) (Version: 0.13.731.51 - WinFAQ) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.116 - Roxio) Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden Skat (HKLM\...\Skat_is1) (Version: - madcat Software GmbH) Skat Installer (HKLM\...\SkatInstaller) (Version: - ) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5180 - Analog Devices) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) ST Wiederherstellungs- & Sicherungsprogramme (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 4.0.14 - Hewlett-Packard Company ) Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics) Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden Two Worlds Pinball (HKLM\...\Two Worlds Pinball) (Version: 1.00 - TopWare Interactive Inc.) UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Vista Default Settings (HKLM\...\{C6271F2D-3D0A-439B-BD78-584E017C636E}) (Version: 1.0.5.1 - Hewlett-Packard) WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2B3E9ADD-508C-4CF7-9700-73B6165FC3E4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3990F0B8-156A-44C3-ABA3-9BAD73A52FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.) Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {75243CA4-DAEB-4277-AD9A-D16EF95D0AEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01] (Google Inc.) Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {A54364EA-7555-4899-88DA-84332EAA7C63} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard) Task: {B6F2CA9C-886C-4FE0-AB69-E82946FFF9CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2008-01-18 20:35 - 2008-04-21 21:00 - 00339968 
_____ () C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll 2007-02-02 18:01 - 2007-02-02 18:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2007-02-16 17:40 - 2007-02-16 17:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-02-16 17:40 - 2007-02-16 17:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2014 08:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c50 Anfangszeit: 01cf8f13c9322e5d Zeitpunkt der Beendigung: 0 Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product. Error: (06/22/2014 06:19:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x0014cb53, Prozess-ID 0x524, Anwendungsstartzeit iexplore.exe0. 
Error: (06/22/2014 03:50:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul PriceGongIE.dll, Version 3.6.12.0, Zeitstempel 0x516e945c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000b078, Prozess-ID 0xbd0, Anwendungsstartzeit iexplore.exe0. Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product. Error: (06/22/2014 00:56:33 PM) (Source: MsiInstaller) (EventID: 11920) (User: Josef-PC) Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services. Error: (06/22/2014 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: f3c Anfangszeit: 01cf8e0378293afd Zeitpunkt der Beendigung: 3866 Error: (06/22/2014 00:11:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (04/28/2013 09:32:24 AM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001A73A8CD9D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (04/28/2013 09:32:16 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.04.2013 um 22:59:19 unerwartet heruntergefahren. Error: (04/27/2013 09:08:11 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 001A73A8CD9D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error: (04/27/2013 08:48:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Treiber für parallelen Anschluss%%1058 Error: (04/27/2013 08:47:11 PM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (04/27/2013 10:44:44 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/27/2013 09:13:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Treiber für parallelen Anschluss%%1058 Error: (04/27/2013 09:12:28 AM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (04/27/2013 00:06:35 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/26/2013 10:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Treiber für parallelen Anschluss%%1058 Microsoft Office Sessions: ========================= Error: (06/23/2014 08:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.0.6001.18164c5001cf8f13c9322e5d0 Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL) Error: (06/22/2014 07:03:37 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL) Error: (06/22/2014 06:19:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe8.0.6001.190884de07b1bmshtml.dll8.0.6001.190884de090edc00000050014cb5352401cf8e212fce318d Error: (06/22/2014 03:50:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
iexplore.exe8.0.6001.190884de07b1bPriceGongIE.dll3.6.12.0516e945cc00000050000b078bd001cf8e20a6b95f21 Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL) Error: (06/22/2014 03:18:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL) Error: (06/22/2014 00:56:33 PM) (Source: MsiInstaller) (EventID: 11920) (User: Josef-PC) Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL) Error: (06/22/2014 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.0.6001.18164f3c01cf8e0378293afd3866 Error: (06/22/2014 00:11:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT-AUTORITÄT) Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-06-23 21:07:34.723 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:34.379 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-23 21:07:34.004 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:33.536 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:33.129 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:32.786 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:32.442 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-23 21:07:32.067 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 09:23:35.882 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-06 09:23:35.449 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 85% Total physical RAM: 894.53 MB Available physical RAM: 131.46 MB Total Pagefile: 2053.43 MB Available Pagefile: 589.06 MB Total Virtual: 2047.88 MB Available Virtual: 1916.08 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:65.39 GB) (Free:22.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (OS_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.32 GB) NTFS Drive f: (HP_RECOVERY) (Fixed) (Total:7.59 GB) (Free:0.75 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: 8451F94D) Partition 1: (Active) - (Size=65 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
23.06.2014, 22:45 | #2 |
Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-23 23:05:56
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8037GSX rev.DL232C 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kgloypow.sys

---- System - GMER 2.1 ----
23.06.2014, 22:47 | #3 |
| Vista - BKA Trojan - Blocked by Group Policy Gmer Part 2
Code:
23.06.2014, 22:48 | #4 |
| Vista - BKA Trojan - Blocked by Group Policy Gmer Part 3 Code:
---- Processes - GMER 2.1 ----
23.06.2014, 22:50 | #5 |
| Vista - BKA Trojan - blocked by Group Policy Gmer, part four Code:
---- Services - GMER 2.1 ---- Service C:\Windows\system32\netfxperf.dll .NET CLR Data Service C:\Windows\system32\netfxperf.dll .NET CLR Networking Service C:\Windows\system32\netfxperf.dll .NET CLR Networking 4.0.0.0 Service C:\Windows\system32\netfxperf.dll .NET Data Provider for Oracle Service C:\Windows\system32\netfxperf.dll .NET Data Provider for SqlServer Service C:\Windows\system32\mscoree.dll .NETFramework Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation SIGNED)(2010-01-09 13:05:56) [BOOT] ACPI Service C:\Windows\system32\drivers\ADIHdAud.sys [MANUAL] ADIHdAudAddService Service C:\Windows\system32\drivers\adp94xx.sys [DISABLED] adp94xx Service C:\Windows\system32\drivers\adpahci.sys [DISABLED] adpahci Service C:\Windows\system32\drivers\adpu160m.sys [DISABLED] adpu160m Service C:\Windows\system32\drivers\adpu320.sys [DISABLED] adpu320 Service adsi Service C:\Windows\System32\aelupsvc.dll [AUTO] AeLookupSvc Service C:\Windows\system32\drivers\afd.sys [SYSTEM] AFD Service C:\Windows\system32\agrsmsvc.exe [AUTO] AgereModemAudio Service C:\Windows\system32\DRIVERS\AGRSM.sys [MANUAL] AgereSoftModem Service C:\Windows\system32\drivers\agp440.sys [MANUAL] agp440 Service C:\Windows\system32\drivers\djsvs.sys [DISABLED] aic78xx Service C:\Windows\System32\alg.exe [MANUAL] ALG Service C:\Windows\system32\drivers\aliide.sys [DISABLED] aliide Service C:\Windows\system32\drivers\amdagp.sys [MANUAL] amdagp Service C:\Windows\system32\drivers\amdide.sys [DISABLED] amdide Service C:\Windows\system32\drivers\amdk7.sys [DISABLED] AmdK7 Service C:\Windows\system32\DRIVERS\amdk8.sys [MANUAL] AmdK8 Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [AUTO] AntiVirScheduler Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [AUTO] AntiVirService Service C:\Windows\System32\appinfo.dll [MANUAL] Appinfo Service C:\Windows\system32\drivers\arc.sys [DISABLED] arc Service 
C:\Windows\system32\drivers\arcsas.sys [DISABLED] arcsas Service C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Winlogon notification handler/Cognizance Corporation)(2007-02-07 01:30:00) [AUTO] ASBroker Service C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [AUTO] ASChannel Service c:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll ASP.NET_1.1.4322 Service C:\Windows\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:23) [BOOT] atapi Service C:\Windows\system32\Ati2evxx.exe [AUTO] Ati External Event Utility Service Atierecord Service C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI PCIE Driver for ATI PCIE chipset/ATI Technologies Inc. SIGNED)(2007-06-30 04:44:28) [BOOT] AtiPcie Service C:\Windows\system32\DRIVERS\ATSwpDrv.sys [MANUAL] ATSWPDRV Service C:\Windows\System32\Audiosrv.dll [AUTO] AudioEndpointBuilder Service C:\Windows\System32\Audiosrv.dll [AUTO] Audiosrv Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [SYSTEM] avgio Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [MANUAL] avgntflt Service C:\Windows\system32\DRIVERS\avipbb.sys [SYSTEM] avipbb Service C:\Windows\system32\DRIVERS\b57nd60x.sys [MANUAL] b57nd60x Service C:\Windows\system32\drivers\BattC.sys (Battery Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33) BattC Service C:\Windows\system32\DRIVERS\bcmwl6.sys [MANUAL] BCM43XV Service C:\Windows\system32\DRIVERS\bcmwl6.sys [MANUAL] BCM43XX Service C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [AUTO] BcmSqlStartupSvc Service C:\Windows\system32\drivers\Beep.sys (BEEP Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:41) [SYSTEM] Beep Service C:\Windows\System32\bfe.dll [AUTO] BFE Service C:\Windows\System32\qmgr.dll [AUTO] BITS Service system32\drivers\blbdrive.sys [DISABLED] blbdrive Service 
C:\Windows\system32\DRIVERS\bowser.sys [MANUAL] bowser Service C:\Windows\system32\drivers\brfiltlo.sys [MANUAL] BrFiltLo Service C:\Windows\system32\drivers\brfiltup.sys [MANUAL] BrFiltUp Service C:\Windows\System32\browser.dll [AUTO] Browser Service C:\Windows\system32\drivers\brserid.sys [DISABLED] Brserid Service C:\Windows\system32\drivers\brserwdm.sys [DISABLED] BrSerWdm Service C:\Windows\system32\drivers\brusbmdm.sys [DISABLED] BrUsbMdm Service C:\Windows\system32\drivers\brusbser.sys [MANUAL] BrUsbSer Service C:\Windows\system32\DRIVERS\BthEnum.sys [MANUAL] BthEnum Service C:\Windows\system32\drivers\bthmodem.sys [DISABLED] BTHMODEM Service C:\Windows\system32\DRIVERS\bthpan.sys [MANUAL] BthPan Service C:\Windows\System32\Drivers\BTHport.sys [MANUAL] BTHPORT Service C:\Windows\System32\bthserv.dll [AUTO] BthServ Service C:\Windows\System32\Drivers\BTHUSB.sys [MANUAL] BTHUSB Service BTKRNL Service C:\Windows\system32\drivers\btwaudio.sys [MANUAL] btwaudio Service C:\Windows\system32\drivers\btwavdt.sys [MANUAL] btwavdt Service C:\Windows\system32\DRIVERS\btwrchid.sys [MANUAL] btwrchid Service C:\Windows\system32\drivers\BVRPMPR5.SYS [MANUAL] BVRPMPR5 Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:58) [DISABLED] cdfs Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:32) [SYSTEM] cdrom Service C:\Windows\System32\certprop.dll [MANUAL] CertPropSvc Service C:\Windows\system32\drivers\circlass.sys [DISABLED] circlass Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:25) [BOOT] CLFS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [DISABLED] clr_optimization_v2.0.50727_32 Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [AUTO] clr_optimization_v4.0.30319_32 Service C:\Windows\system32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service 
C:\Windows\system32\drivers\cmdide.sys [DISABLED] cmdide Service CognizanceCredMgr Service C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [MANUAL] Com4Qlb Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:17) [BOOT] Compbatt Service C:\Windows\system32\dllhost.exe [MANUAL] COMSysApp Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation SIGNED)(2006-11-02 08:52:27) [BOOT] crcdisk Service C:\Windows\system32\drivers\crusoe.sys [DISABLED] Crusoe Service crypt32 Service C:\Windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation SIGNED)(2010-01-09 13:04:39) [AUTO] CryptSvc Service DCLocator Service C:\Windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation SIGNED)(2009-04-16 06:35:46) [AUTO] DcomLaunch Service C:\Windows\System32\Drivers\dfsc.sys [SYSTEM] DfsC Service C:\Windows\system32\DFSR.exe [MANUAL] DFSR Service C:\Windows\System32\dhcpcsvc.dll (DHCP Client Service/Microsoft Corporation SIGNED)(2010-01-09 13:05:08) [AUTO] Dhcp Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:22) [BOOT] disk Service C:\Windows\System32\dnsrslvr.dll [AUTO] Dnscache Service C:\Windows\System32\dot3svc.dll [MANUAL] dot3svc Service C:\Windows\system32\dps.dll [AUTO] DPS Service C:\Windows\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\Windows\System32\drivers\dxgkrnl.sys [MANUAL] DXGKrnl Service C:\Windows\system32\DRIVERS\E1G60I32.sys [MANUAL] E1G60 Service C:\Windows\system32\DRIVERS\eabfiltr.sys [SYSTEM] eabfiltr Service eabusb Service C:\Windows\System32\eapsvc.dll [MANUAL] EapHost Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation SIGNED)(2010-01-09 13:06:02) [BOOT] Ecache Service C:\Windows\system32\drivers\elxstor.sys [DISABLED] elxstor Service C:\Windows\system32\emdmgmt.dll 
EmdCache Service C:\Windows\system32\emdmgmt.dll [AUTO] EMDMgmt Service C:\Windows\system32\esentprf.dll ESENT Service C:\Windows\System32\wevtsvc.dll (Event Logging Service/Microsoft Corporation SIGNED)(2010-01-09 13:07:26) [AUTO] Eventlog Service C:\Windows\system32\es.dll (COM+/Microsoft Corporation SIGNED)(2008-08-21 17:11:17) [AUTO] EventSystem Service C:\Windows\system32\drivers\exfat.sys [MANUAL] exfat Service C:\Windows\system32\drivers\fastfat.sys [MANUAL] fastfat Service C:\Windows\system32\DRIVERS\fdc.sys [DISABLED] fdc Service C:\Windows\system32\fdPHost.dll [MANUAL] fdPHost Service C:\Windows\system32\fdrespub.dll [AUTO] FDResPub Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:39) [BOOT] FileInfo Service C:\Windows\system32\drivers\filetrace.sys [MANUAL] Filetrace Service C:\Windows\system32\DRIVERS\flpydisk.sys [DISABLED] flpydisk Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation SIGNED)(2010-01-09 13:05:30) [BOOT] FltMgr Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0 Service C:\Windows\system32\drivers\Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:31) [SYSTEM] Fs_Rec Service C:\Windows\system32\drivers\gagp30kx.sys [MANUAL] gagp30kx Service C:\Windows\System32\gpsvc.dll [AUTO] gpsvc Service C:\Program Files\Google\Update\GoogleUpdate.exe [AUTO] gupdate Service C:\Program Files\Google\Update\GoogleUpdate.exe [MANUAL] gupdatem Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [MANUAL] gusvc Service C:\Windows\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P. 
SIGNED)(2007-06-30 06:19:44) [MANUAL] HBtnKey Service C:\Windows\system32\drivers\HdAudio.sys [MANUAL] HdAudAddService Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:25) [MANUAL] HDAudBus Service C:\Windows\system32\DRIVERS\hidbth.sys [MANUAL] HidBth Service C:\Windows\system32\drivers\hidir.sys [DISABLED] HidIr Service C:\Windows\system32\hidserv.dll [AUTO] hidserv Service C:\Windows\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service C:\Windows\system32\kmsvc.dll [MANUAL] hkmsvc Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [AUTO] HP Health Check Service Service C:\Windows\system32\drivers\hpcisss.sys [DISABLED] HpCISSs Service C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [MANUAL] hpqcxs08 Service C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [AUTO] hpqddsvc Service C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [AUTO] hpqwmiex Service C:\Windows\system32\DRIVERS\HPZid412.sys [MANUAL] HPZid412 Service C:\Windows\system32\DRIVERS\HPZipr12.sys [MANUAL] HPZipr12 Service C:\Windows\system32\DRIVERS\HPZius12.sys [MANUAL] HPZius12 Service C:\Windows\system32\DRIVERS\VSTAZL3.SYS [MANUAL] HSFHWAZL Service C:\Windows\system32\DRIVERS\VSTDPV3.SYS [MANUAL] HSF_DPV Service C:\Windows\system32\drivers\HTTP.sys [MANUAL] HTTP Service C:\Windows\system32\drivers\i2omp.sys [DISABLED] i2omp Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:36) [SYSTEM] i8042prt Service C:\Windows\system32\drivers\iastorv.sys [DISABLED] iaStorV Service C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc Service C:\Windows\system32\drivers\iirsp.sys [DISABLED] iirsp Service C:\Windows\System32\ikeext.dll [AUTO] IKEEXT Service 
inetaccs Service C:\Windows\system32\drivers\intelide.sys [DISABLED] intelide Service C:\Windows\system32\DRIVERS\intelppm.sys [DISABLED] intelppm Service C:\Windows\system32\ipbusenum.dll [MANUAL] IPBusEnum Service C:\Windows\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\Windows\System32\iphlpsvc.dll [AUTO] iphlpsvc Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\Windows\system32\drivers\ipmidrv.sys [DISABLED] IPMIDRV Service C:\Windows\system32\DRIVERS\ipnat.sys [MANUAL] IPNAT Service C:\Windows\system32\drivers\irenum.sys [MANUAL] IRENUM Service C:\Windows\system32\drivers\isapnp.sys [DISABLED] isapnp Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:01) [MANUAL] iScsiPrt Service C:\Windows\system32\drivers\iteatapi.sys [DISABLED] iteatapi Service C:\Windows\system32\drivers\iteraid.sys [DISABLED] iteraid Service C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [AUTO] IviRegMgr Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:12) [SYSTEM] kbdclass Service C:\Windows\system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:56) [SYSTEM] kbdhid Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01) [MANUAL] KeyIso Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation SIGNED)(2009-08-13 18:48:01) [BOOT] KSecDD Service C:\Windows\system32\msdtckrm.dll [AUTO] KtmRm Service C:\Windows\system32\srvsvc.dll [AUTO] LanmanServer Service C:\Windows\System32\wkssvc.dll [AUTO] LanmanWorkstation Service ldap Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe [AUTO] LightScribeService Service C:\Windows\system32\DRIVERS\lltdio.sys [AUTO] lltdio Service C:\Windows\System32\lltdsvc.dll [MANUAL] lltdsvc 
Service C:\Windows\System32\lmhsvc.dll [AUTO] lmhosts Service C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation SIGNED)(2009-08-13 18:48:00) Lsa Service C:\Windows\system32\drivers\lsi_fc.sys [DISABLED] LSI_FC Service C:\Windows\system32\drivers\lsi_sas.sys [DISABLED] LSI_SAS Service C:\Windows\system32\drivers\lsi_scsi.sys [DISABLED] LSI_SCSI Service C:\Windows\system32\drivers\luafv.sys [AUTO] luafv Service C:\Windows\system32\DRIVERS\lvrs.sys [MANUAL] LVRS Service C:\Windows\system32\DRIVERS\lvuvc.sys [MANUAL] LVUVC Service C:\Windows\system32\drivers\mbam.sys [MANUAL] MBAMProtector Service C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [AUTO] MBAMScheduler Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [AUTO] MBAMService Service C:\Windows\system32\drivers\megasas.sys [DISABLED] megasas Service C:\Windows\system32\mmcss.dll [AUTO] MMCSS Service C:\Windows\system32\drivers\modem.sys [MANUAL] Modem Service C:\Windows\system32\DRIVERS\monitor.sys [MANUAL] monitor Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10) [SYSTEM] mouclass Service C:\Windows\system32\DRIVERS\mouhid.sys [MANUAL] mouhid Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation SIGNED)(2010-01-09 13:04:42) [BOOT] MountMgr Service C:\Windows\system32\drivers\mpio.sys [DISABLED] mpio Service C:\Windows\System32\drivers\mpsdrv.sys [MANUAL] mpsdrv Service C:\Windows\system32\mpssvc.dll [AUTO] MpsSvc Service C:\Windows\system32\drivers\mraid35x.sys [DISABLED] Mraid35x Service C:\Windows\system32\drivers\mrxdav.sys [MANUAL] MRxDAV Service C:\Windows\system32\DRIVERS\mrxsmb.sys [MANUAL] mrxsmb Service C:\Windows\system32\DRIVERS\mrxsmb10.sys [MANUAL] mrxsmb10 Service C:\Windows\system32\DRIVERS\mrxsmb20.sys [MANUAL] mrxsmb20 Service C:\Windows\system32\drivers\msahci.sys [DISABLED] msahci Service 
C:\Windows\system32\drivers\msdsm.sys [DISABLED] msdsm Service C:\Windows\system32\msdtcuiu.DLL [MANUAL] MSDTC Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 3.0.0.0 Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 4.0.0.0 Service C:\Windows\system32\drivers\Msfs.sys (Mailslot driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:57) [SYSTEM] Msfs Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:43) [BOOT] msisadrv Service C:\Windows\system32\iscsiexe.dll [MANUAL] MSiSCSI Service C:\Windows\system32\msiexec /V [MANUAL] msiserver Service C:\Windows\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\Windows\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\Windows\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\Windows\system32\drivers\MsRPC.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation SIGNED)(2010-01-09 13:04:27) [MANUAL] MsRPC Service C:\Windows\system32\msscntrs.dll MSSCNTRS Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:10) [MANUAL] mssmbios Service C:\Windows\system32\sqlctr90.dll [AUTO] MSSQL$MSSMLBIZ Service c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [DISABLED] MSSQLServerADHelper Service C:\Windows\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:47) [BOOT] Mup Service C:\Windows\system32\qagentRT.dll [MANUAL] napagent Service C:\Windows\system32\DRIVERS\nwifi.sys [MANUAL] NativeWifiP Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:54) [BOOT] NDIS Service C:\Windows\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\Windows\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service 
C:\Windows\system32\drivers\NDProxy.sys [MANUAL] NDProxy Service C:\Windows\system32\HPZinw12.dll [AUTO] Net Driver HPZ12 Service C:\Windows\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS Service C:\Windows\System32\DRIVERS\netbt.sys [SYSTEM] netbt Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01) [MANUAL] Netlogon Service C:\Windows\System32\netman.dll [MANUAL] Netman Service C:\Windows\System32\netprofm.dll [AUTO] netprofm Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing Service C:\Windows\system32\drivers\nfrd960.sys [DISABLED] nfrd960 Service C:\Windows\System32\nlasvc.dll [AUTO] NlaSvc Service C:\Windows\system32\drivers\Npfs.sys (NPFS Driver/Microsoft Corporation SIGNED)(2010-01-09 13:02:14) [SYSTEM] Npfs Service C:\Windows\system32\nsisvc.dll [AUTO] nsi Service C:\Windows\system32\drivers\nsiproxy.sys [SYSTEM] nsiproxy Service NTDS Service C:\Windows\system32\drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation SIGNED)(2010-01-09 13:07:38) [MANUAL] Ntfs Service C:\Windows\system32\drivers\ntrigdigi.sys [DISABLED] ntrigdigi Service C:\Windows\system32\drivers\Null.sys (NULL Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38) [SYSTEM] Null Service C:\Windows\system32\drivers\nvraid.sys [DISABLED] nvraid Service C:\Windows\system32\drivers\nvstor.sys [DISABLED] nvstor Service C:\Windows\system32\drivers\nv_agp.sys [MANUAL] nv_agp Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Windows\system32\DRIVERS\ohci1394.sys [MANUAL] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\Windows\system32\p2psvc.dll [MANUAL] p2pimsvc Service C:\Windows\system32\p2psvc.dll [MANUAL] p2psvc Service C:\Windows\system32\DRIVERS\parport.sys [MANUAL] Parport Service 
C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:44) [BOOT] partmgr Service C:\Windows\system32\DRIVERS\parvdm.sys [AUTO] Parvdm Service C:\Windows\System32\pcasvc.dll [AUTO] PcaSvc Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:05:54) [BOOT] pci Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:02) [BOOT] pciide Service C:\Windows\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:50) [BOOT] pcmcia Service C:\Program Files\PDF Complete\pdfsvc.exe [AUTO] pdfcDispatcher Service C:\Windows\System32\Drivers\PDNMp50.sys [MANUAL] PDNMp50 Service C:\Windows\System32\Drivers\PDNSp50.sys [MANUAL] PDNSp50 Service C:\Windows\system32\drivers\peauth.sys [AUTO] PEAUTH Service C:\Windows\system32\perfdisk.dll PerfDisk Service C:\Windows\system32\perfnet.dll PerfNet Service C:\Windows\system32\perfos.dll PerfOS Service C:\Windows\system32\perfproc.dll PerfProc Service C:\Windows\system32\pla.dll [MANUAL] pla Service C:\Windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation SIGNED)(2010-01-09 13:05:34) [AUTO] PlugPlay Service C:\Windows\system32\HPZipm12.dll [AUTO] Pml Driver HPZ12 Service C:\Windows\system32\p2psvc.dll [MANUAL] PNRPAutoReg Service C:\Windows\system32\p2psvc.dll [MANUAL] PNRPsvc Service C:\Windows\System32\ipsecsvc.dll [AUTO] PolicyAgent Service PortProxy Service C:\Windows\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\Windows\system32\drivers\processr.sys [DISABLED] Processor Service C:\Windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation SIGNED)(2010-01-09 13:04:49) [AUTO] ProfSvc Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01) [MANUAL] ProtectedStorage Service 
C:\Windows\system32\pacerprf.dll [SYSTEM] PSched Service C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)(2006-07-24 01:00:00) [BOOT] PxHelp20 Service C:\Windows\system32\drivers\ql2300.sys [DISABLED] ql2300 Service C:\Windows\system32\drivers\ql40xx.sys [DISABLED] ql40xx Service C:\Windows\system32\qwave.dll [MANUAL] QWAVE Service C:\Windows\system32\drivers\qwavedrv.sys [MANUAL] QWAVEdrv Service C:\Windows\system32\DRIVERS\atikmdag.sys [MANUAL] R300 Service C:\Windows\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd Service C:\Windows\System32\rasauto.dll [MANUAL] RasAuto Service C:\Windows\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\Windows\System32\rasmans.dll [MANUAL] RasMan Service C:\Windows\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\Windows\system32\DRIVERS\rassstp.sys [MANUAL] RasSstp Service C:\Windows\system32\DRIVERS\rdbss.sys [SYSTEM] rdbss Service C:\Windows\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD Service RDPDD Service C:\Windows\system32\drivers\rdpdr.sys [DISABLED] rdpdr Service C:\Windows\system32\drivers\rdpencdd.sys [SYSTEM] RDPENCDD Service RDPNP Service C:\Windows\system32\drivers\RDPWD.sys [MANUAL] RDPWD Service C:\Windows\System32\mprdim.dll [DISABLED] RemoteAccess Service C:\Windows\system32\regsvc.dll [MANUAL] RemoteRegistry Service C:\Windows\system32\DRIVERS\rfcomm.sys [MANUAL] RFCOMM Service c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [MANUAL] RoxMediaDB9 Service C:\Windows\system32\locator.exe [MANUAL] RpcLocator Service C:\Windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation SIGNED)(2009-04-16 06:35:46) [AUTO] RpcSs Service C:\Windows\system32\DRIVERS\rspndr.sys [AUTO] rspndr Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation SIGNED)(2009-08-13 18:48:01) [AUTO] SamSs Service C:\Windows\system32\drivers\sbp2port.sys [DISABLED] sbp2port Service C:\Program 
Files\Spybot - Search & Destroy\SDWinSec.exe [AUTO] SBSDWSCService Service C:\Windows\System32\SCardSvr.dll [MANUAL] SCardSvr Service C:\Windows\system32\schedsvc.dll [AUTO] Schedule Service C:\Windows\System32\certprop.dll [MANUAL] SCPolicySvc Service C:\Windows\system32\DRIVERS\sdbus.sys [DISABLED] sdbus Service C:\Windows\System32\SDRSVC.dll [MANUAL] SDRSVC Service C:\Windows\system32\drivers\secdrv.sys [AUTO] secdrv Service C:\Windows\system32\seclogon.dll [AUTO] seclogon Service C:\Windows\System32\sens.dll [AUTO] SENS Service C:\Windows\system32\drivers\serenum.sys [MANUAL] Serenum Service C:\Windows\system32\drivers\serial.sys [DISABLED] Serial Service C:\Windows\system32\drivers\sermouse.sys [DISABLED] sermouse Service C:\Windows\system32\NETFXPerf.dll ServiceModelEndpoint 3.0.0.0 Service C:\Windows\system32\NETFXPerf.dll ServiceModelOperation 3.0.0.0 Service C:\Windows\system32\NETFXPerf.dll ServiceModelService 3.0.0.0 Service C:\Windows\system32\sessenv.dll [MANUAL] SessionEnv Service C:\Windows\system32\drivers\sffdisk.sys [DISABLED] sffdisk Service C:\Windows\system32\drivers\sffp_mmc.sys [MANUAL] sffp_mmc Service C:\Windows\system32\drivers\sffp_sd.sys [MANUAL] sffp_sd Service C:\Windows\system32\drivers\sfloppy.sys [DISABLED] sfloppy Service C:\Windows\System32\ipnathlp.dll [DISABLED] SharedAccess Service C:\Windows\System32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation SIGNED)(2011-03-06 18:02:43) [AUTO] ShellHWDetection Service C:\Windows\system32\drivers\sisagp.sys [MANUAL] sisagp Service C:\Windows\system32\drivers\sisraid2.sys [DISABLED] SiSRaid2 Service C:\Windows\system32\drivers\sisraid4.sys [DISABLED] SiSRaid4 Service C:\Program Files\Skype\Updater\Updater.exe [AUTO] SkypeUpdate Service C:\Windows\system32\SLsvc.exe [AUTO] slsvc Service C:\Windows\system32\SLUINotify.dll [MANUAL] SLUINotify Service C:\Windows\system32\DRIVERS\smb.sys [SYSTEM] Smb Service C:\Windows\system32\NETFXPerf.dll SMSvcHost 3.0.0.0 Service 
C:\Windows\system32\NETFXPerf.dll SMSvcHost 4.0.0.0 Service C:\Windows\System32\snmptrap.exe [MANUAL] SNMPTRAP Service C:\Windows\system32\drivers\spldr.sys [BOOT] spldr Service C:\Windows\system32\winspool.drv [AUTO] Spooler Service c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [AUTO] SQLBrowser Service c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [AUTO] SQLWriter Service C:\Windows\System32\DRIVERS\srv.sys [MANUAL] srv Service C:\Windows\System32\DRIVERS\srv2.sys [MANUAL] srv2 Service C:\Windows\System32\DRIVERS\srvnet.sys [MANUAL] srvnet Service C:\Windows\System32\ssdpsrv.dll [MANUAL] SSDPSRV Service C:\Windows\system32\DRIVERS\ssmdrv.sys [SYSTEM] ssmdrv Service C:\Windows\system32\sstpsvc.dll [MANUAL] SstpSvc Service C:\Windows\System32\wiaservc.dll [AUTO] stisvc Service c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [MANUAL] stllssvr Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:45) [MANUAL] swenum Service C:\Windows\System32\swprv.dll [MANUAL] swprv Service C:\Windows\system32\drivers\symc8xx.sys [DISABLED] Symc8xx Service C:\Windows\system32\drivers\sym_hi.sys [DISABLED] Sym_hi Service C:\Windows\system32\drivers\sym_u3.sys [DISABLED] Sym_u3 Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc. 
SIGNED)(2007-01-12 13:59:02) [MANUAL] SynTP Service C:\Windows\system32\sysmain.dll [AUTO] SysMain Service C:\Windows\System32\TabSvc.dll [AUTO] TabletInputService Service C:\Windows\System32\tapisrv.dll [MANUAL] TapiSrv Service C:\Windows\System32\tbssvc.dll [AUTO] TBS Service C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [AUTO] TBSrv Service C:\Windows\system32\Perfctrs.dll [BOOT] Tcpip Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation SIGNED)(2010-12-26 05:40:45) [MANUAL] Tcpip6 Service C:\Windows\System32\drivers\tcpipreg.sys [AUTO] tcpipreg Service C:\Windows\system32\drivers\tdpipe.sys [MANUAL] TDPIPE Service C:\Windows\system32\drivers\tdtcp.sys [MANUAL] TDTCP Service C:\Windows\system32\DRIVERS\tdx.sys [SYSTEM] tdx Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation SIGNED)(2010-01-09 13:04:33) [SYSTEM] TermDD Service C:\Windows\System32\termsrv.dll [AUTO] TermService Service C:\Windows\system32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation SIGNED)(2011-03-06 18:02:43) [AUTO] Themes Service C:\Windows\system32\mmcss.dll [MANUAL] THREADORDER Service C:\Windows\system32\drivers\tpm.sys [MANUAL] TPM Service C:\Windows\System32\trkwks.dll [AUTO] TrkWks Service C:\Windows\servicing\TrustedInstaller.exe [MANUAL] TrustedInstaller Service TSDDD Service C:\Windows\System32\DRIVERS\tssecsrv.sys [MANUAL] tssecsrv Service C:\Windows\system32\DRIVERS\tunmp.sys [MANUAL] tunmp Service C:\Windows\system32\DRIVERS\tunnel.sys [MANUAL] tunnel Service C:\Windows\system32\drivers\uagp35.sys [MANUAL] uagp35 Service C:\Windows\system32\DRIVERS\udfs.sys [DISABLED] udfs Service C:\Windows\system32\msscntrs.dll UGatherer Service C:\Windows\system32\msscntrs.dll UGTHRSVC Service C:\Windows\system32\UI0Detect.exe [MANUAL] UI0Detect Service C:\Windows\system32\drivers\uliagpkx.sys [MANUAL] uliagpkx Service C:\Windows\system32\drivers\uliahci.sys [DISABLED] uliahci Service 
C:\Windows\system32\drivers\ulsata.sys [DISABLED] UlSata Service C:\Windows\system32\drivers\ulsata2.sys [DISABLED] ulsata2 Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation SIGNED)(2010-01-09 13:03:50) [MANUAL] umbus Service C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [AUTO] UMVPFSrv Service C:\Windows\System32\upnphost.dll [AUTO] upnphost Service usb Service C:\Windows\system32\drivers\usbaudio.sys [MANUAL] usbaudio Service C:\Windows\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\Windows\system32\drivers\usbcir.sys [DISABLED] usbcir Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:03:54) [MANUAL] usbehci Service C:\Windows\system32\usbperf.dll [MANUAL] usbhub Service C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:49) [MANUAL] usbohci Service C:\Windows\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\Windows\system32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\Windows\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\Windows\system32\DRIVERS\usbuhci.sys [DISABLED] usbuhci Service C:\Windows\System32\Drivers\usbvideo.sys [MANUAL] usbvideo Service C:\Windows\System32\uxsms.dll [AUTO] UxSms Service C:\Windows\System32\vds.exe [MANUAL] vds Service C:\Windows\system32\DRIVERS\vgapnp.sys [MANUAL] vga Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation SIGNED)(2010-01-09 13:01:38) [SYSTEM] VgaSave Service C:\Windows\system32\drivers\viaagp.sys [MANUAL] viaagp Service C:\Windows\system32\drivers\viac7.sys [DISABLED] ViaC7 Service C:\Windows\system32\drivers\viaide.sys [DISABLED] viaide Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation SIGNED)(2010-01-09 13:05:05) [BOOT] volmgr Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft 
Corporation SIGNED)(2010-01-09 13:05:50) [BOOT] volmgrx Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation SIGNED)(2010-01-09 13:06:29) [BOOT] volsnap Service C:\Windows\system32\drivers\vsmraid.sys [DISABLED] vsmraid Service C:\Windows\system32\vssvc.exe [MANUAL] VSS Service C:\Windows\system32\w32time.dll [AUTO] W32Time Service W3SVC Service C:\Windows\system32\drivers\wacompen.sys [DISABLED] WacomPen Service C:\Windows\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service C:\Windows\system32\DRIVERS\wanarp.sys [SYSTEM] Wanarpv6 Service C:\Windows\System32\wcncsvc.dll [MANUAL] wcncsvc Service C:\Windows\System32\WcsPlugInService.dll [MANUAL] WcsPlugInService Service C:\Windows\system32\drivers\wd.sys [DISABLED] Wd Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation SIGNED)(2010-01-09 13:05:50) [BOOT] Wdf01000 Service C:\Windows\system32\wdi.dll [MANUAL] WdiServiceHost Service C:\Windows\system32\wdi.dll [MANUAL] WdiSystemHost Service C:\Windows\System32\webclnt.dll [AUTO] WebClient Service C:\Windows\system32\wecsvc.dll [MANUAL] Wecsvc Service C:\Windows\System32\wercplsupport.dll [MANUAL] wercplsupport Service C:\Windows\System32\WerSvc.dll [AUTO] WerSvc Service C:\Windows\system32\DRIVERS\wimfltr.sys [MANUAL] WimFltr Service C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [MANUAL] winachsf Service C:\Program Files\Windows Defender\mpsvc.dll (Service Module/Microsoft Corporation SIGNED)(2010-01-09 13:06:52) [AUTO] WinDefend Service C:\Windows\system32\netfxperf.dll Windows Workflow Foundation 3.0.0.0 Service C:\Windows\system32\winhttp.dll (Windows HTTP Services/Microsoft Corporation SIGNED)(2009-12-09 09:21:46) [MANUAL] WinHttpAutoProxySvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation SIGNED)(2010-01-09 13:03:30) [AUTO] Winmgmt Service C:\Windows\system32\WsmSvc.dll [MANUAL] WinRM Service [MANUAL] Winsock Service WinSock2 Service 
C:\Windows\System32\wlansvc.dll [AUTO] Wlansvc Service C:\Windows\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation SIGNED)(2010-01-09 13:02:08) [MANUAL] WmiAcpi Service C:\Windows\system32\wbem\wmiaprpl.dll WmiApRpl Service C:\Windows\system32\wbem\WmiApSrv.exe [MANUAL] wmiApSrv Service C:\Program Files\Windows Media Player\wmpnetwk.exe [MANUAL] WMPNetworkSvc Service C:\Windows\System32\wpcsvc.dll [MANUAL] WPCSvc Service C:\Windows\system32\wpdbusenum.dll [AUTO] WPDBusEnum Service C:\Windows\system32\DRIVERS\wpdusb.sys [MANUAL] WpdUsb Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [MANUAL] WPFFontCache_v0400 Service C:\Windows\system32\drivers\ws2ifsl.sys [DISABLED] ws2ifsl Service C:\Windows\System32\wscsvc.dll [AUTO] wscsvc Service C:\Windows\system32\SearchIndexer.exe [AUTO] WSearch Service C:\Windows\system32\tquery.dll WSearchIdxPi Service C:\Windows\system32\wuaueng.dll [AUTO] wuauserv Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFRd Service C:\Windows\System32\WUDFSvc.dll [AUTO] wudfsvc Service xmlprov Service {19A0E323-5E02-423B-8DC8-904509560B31} Service {59E5D54E-6C22-400B-ACBB-5AC2C581A5FF} Service {8ABCFD18-449E-4B8B-8891-51A510458B29} ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f5daa9 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37057ed5 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641f5daa9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37057ed5 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
Kind regards and many thanks for the help... Andreas |
25.06.2014, 21:51 | #6 |
Rest in peace † 2019 | Vista - BKA Trojan - Blocked by Group Policies I am working on your thread and will get back to you as soon as possible with further instructions. Thank you for your patience. |
25.06.2014, 22:41 | #7 |
Rest in peace † 2019 | Vista - BKA Trojan - Blocked by Group Policies Hello Quickslay,
Step 1 Please uninstall the following programs: Conduit Engine, IncrediMail MediaBar 2 Toolbar. To do so, go to Start --> Control Panel --> Programs --> Uninstall a program --> find the program in the list --> remove. If you cannot uninstall a program, download the Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3 Please download Emsisoft MBR Master and save it to the desktop.
Step 4 Please download Farbar Service Scanner
Please post the contents here. Step 5 Run FRST once more.
|
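Added example, not from this thread, from Sandra's instructions, or from FRST itself: a read-only PowerShell audit showing what the six "HKLM Group Policy restriction on software" lines in the fixlist correspond to. FRST prints that line when it finds a Software Restriction Policy (SRP) path rule at the Disallowed level, and a rule whose path is a security product's folder is why AntiVir and Malwarebytes refuse to start with a group-policy message. The script assumes the standard SRP location under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer and PowerShell 2.0 or later (on Vista it has to be installed separately); the vendor name list is constructed for the example from the products visible in the logs above.

```powershell
# Added example: not part of the thread and not FRST's own code. Audits
# Software Restriction Policy (SRP) path rules in the machine hive and flags
# Disallowed rules that point at security-software folders, the condition
# FRST reports as "HKLM Group Policy restriction on software".
# Assumptions: the standard SRP registry location below; PowerShell 2.0+.

$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels. Path rules live under a subkey named after the decimal
# value of the level they assign, so "...\CodeIdentifiers\0\Paths" holds the
# Disallowed rules.
$LevelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'NormalUser'
    262144 = 'Unrestricted'
}

# Folder-name fragments of security products; constructed for this example
# from the products visible in the logs above.
$SecurityVendors = @('Avira', 'Symantec', 'Malwarebytes', 'Windows Defender', 'Spybot')

function Test-SecurityPath {
    param([string]$Path)
    foreach ($vendor in $SecurityVendors) {
        if ($Path -like "*$vendor*") { return $true }
    }
    return $false
}

function Get-SrpPathRule {
    # One object per path rule under any SRP level; empty array if SRP is unset.
    $rules = @()
    if (-not (Test-Path -Path $SaferRoot)) { return $rules }

    foreach ($levelKey in Get-ChildItem -Path $SaferRoot) {
        $levelValue = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelValue)) { continue }
        $pathsKey = "$SaferRoot\$($levelKey.PSChildName)\Paths"
        if (-not (Test-Path -Path $pathsKey)) { continue }

        foreach ($ruleKey in Get-ChildItem -Path $pathsKey) {
            # ItemData holds the path the rule applies to (REG_SZ or REG_EXPAND_SZ).
            $target = [string](Get-ItemProperty -Path $ruleKey.PSPath).ItemData
            $rules += New-Object PSObject -Property @{
                RuleId     = $ruleKey.PSChildName
                Level      = $LevelNames[$levelValue]
                Path       = $target
                # Only a Disallowed rule on a security-product folder is the
                # pattern seen in this thread; Unrestricted rules are benign.
                Suspicious = (($levelValue -eq 0) -and (Test-SecurityPath -Path $target))
            }
        }
    }
    return $rules
}

# --- report ---------------------------------------------------------------
$rules = @(Get-SrpPathRule)

$defaultLevel = (Get-ItemProperty -Path $SaferRoot -ErrorAction SilentlyContinue).DefaultLevel
if ($defaultLevel -ne $null) {
    # A DefaultLevel of 0 would block everything not explicitly allowed.
    Write-Output ("SRP DefaultLevel: {0} ({1})" -f $defaultLevel, $LevelNames[[int]$defaultLevel])
}

if ($rules.Count -eq 0) {
    Write-Output 'No SRP path rules found.'
} else {
    $rules | Sort-Object -Property Suspicious -Descending |
        Format-Table -Property RuleId, Level, Path, Suspicious -AutoSize
    $suspicious = @($rules | Where-Object { $_.Suspicious })
    Write-Output ("{0} Disallowed rule(s) target security software." -f $suspicious.Count)
}
```

Run it from an elevated PowerShell once before and once after the FRST fix: before, the Disallowed rules for the Avira, Symantec and Malwarebytes folders from the fixlist should show up as Suspicious; after a successful fix (the Fixlog's "Group Policy Restriction on software restored successfully" lines) the same run should report no suspicious rules. The script only reads the registry; removing the rules is left to FRST, as in the thread.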
28.06.2014, 12:37 | #8 |
| Vista - BKA Trojan - Blocked by Group Policies Hello Sandra... Thank you very much for the help. Here are the results of the scans: Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02 Ran by Administrator at 2014-06-28 13:17:46 Run:1 Running from C:\Users\Administrator\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION ***************** HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. ==== End of Fixlog ==== Code:
ATTFilter Detected Windows version: 6.0 Build 6001 Service Pack 1 Installing direct disk access driver ... Driver connection handle: 0x000000E8 1 valid drive(s) found. Details for Disk 0 - TOSHIBA MK8037GSX Rev DL232C: Device name : \\.\PhysicalDrive0 Geometry (C/H/S) : 9729/255/63 Boot loader reputation : Unknown Cross view comparison : Passed Partition table integrity: Passed Boot loader hashes SHA-1 : CBF91D75F68BD883DC9D9A98D85CB747B19B5171 MD5 : 97B45F8522380F396E142A324FDCBB82 Code:
ATTFilter Farbar Service Scanner Version: 10-06-2014 Ran by Administrator (administrator) on 28-06-2014 at 13:23:33 Running from "C:\Users\Administrator\Desktop" Windows Vista (TM) Home Basic Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist. winmgmt Service is not running. Checking service configuration: The start type of winmgmt service is OK. The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs". Unable to retrieve ServiceDll of winmgmt. The value does not exist. 
Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcsvc.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log **** FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by Administrator (administrator) on JOSEF-PC on 23-06-2014 21:04:25 Running from C:\Users\Administrator\Downloads Platform: Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe (Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) 
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\RacAgent.exe (Microsoft Corporation) C:\Windows\System32\lpremove.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc) HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.) HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X] HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common 
Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company) HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.) AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.) Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) 
BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10] ========================== Services (Whitelisted) ================= R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed] R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed] R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed] R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed] S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard) R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed] S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed] R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) S2 Winmgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) 
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH) R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed] R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. 
(PCAUSA)) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe 2014-06-23 21:04 - 2014-06-23 21:07 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-06-23 21:03 - 2014-06-23 21:04 - 00000000 ____D () C:\FRST 2014-06-23 21:02 - 2014-06-23 21:03 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ 2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET 2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk 2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET 2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit 2014-06-22 15:49 
- 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint 2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt 2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator 2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-06-22 15:43 - 2014-06-22 
15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-22 15:22 - 2014-06-23 20:47 - 00000740 _____ () C:\Windows\PFRO.log 2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp 2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt 2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt 2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt 2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt 2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt 2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt 2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt 2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD ==================== One Month Modified Files and Folders ======= 2014-06-23 21:07 - 2014-06-23 21:04 - 00016681 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-06-23 21:07 - 2007-11-25 21:09 - 
01122012 _____ () C:\Windows\WindowsUpdate.log 2014-06-23 21:06 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe 2014-06-23 21:04 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST 2014-06-23 21:03 - 2014-06-23 21:02 - 01073152 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator 2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-23 20:50 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-23 20:48 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-23 20:48 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-23 20:47 - 2014-06-22 15:22 - 00000740 _____ () C:\Windows\PFRO.log 2014-06-22 19:04 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat 2014-06-22 19:04 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET 2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ 2014-06-22 18:42 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk 2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET 2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint 2014-06-22 15:49 - 2010-12-20 14:03 - 00000000 ____D () C:\Program Files\IncrediMail_MediaBar_2 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setupact.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt 2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-06-22 15:45 - 
2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype 2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira 2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp 2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira 2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-22 12:37 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump 2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job 2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD 2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt 2014-06-17 20:47 - 2014-06-17 20:45 
- 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt 2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat 2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt 2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt 2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt 2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt 2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt 2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-23 20:53 ==================== End Of Log ============================
So, that should be everything... Regards, Andreas |
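The FRST log posted above is the raw material of this thread. As an added example (not the forum's and not Farbar's own code), the following script parses two of the entry formats seen in that log, the "One Month Created/Modified Files and Folders" lines and the "Services/Drivers (Whitelisted)" lines, and reports what a helper reads first: unsigned service binaries, services whose file is missing, and bare 32-hex-character directory names under ProgramData. The attribute-letter meanings and the hex-name heuristic are assumptions made here, not FRST documentation; the sample lines are copied from the logs in this thread.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log entries.

Added example for this thread; neither the forum's nor Farbar's code.
"""
import re
from dataclasses import dataclass

# File/folder entry: <created> - <modified> - <size> <attrs> (<company>) <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Service/driver entry with a file:
# <state> <name>; <path> [<size> <date>] (<company>) [File not signed]?
# Company is matched greedily because names may contain parentheses.
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*)\)(?P<unsigned> \[File not signed\])?$"
)
# Service/driver entry whose file FRST could not find: <state> <name>; <path> [X]
SVC_MISSING_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")
# Assumed reading of the attribute column: D directory, H hidden, S system,
# R read-only, L reparse point (junction); '_' is an unset slot.
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: frozenset
    company: str
    path: str


@dataclass(frozen=True)
class ServiceEntry:
    state: str
    name: str
    path: str
    company: str
    signed: bool        # False also when the file is missing (nothing to check)
    file_present: bool


def parse_file_entry(line):
    """Return a FileEntry for a created/modified-files line, else None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        created=m["created"], modified=m["modified"], size=int(m["size"]),
        attrs=frozenset(m["attrs"].replace("_", "")),
        company=m["company"], path=m["path"],
    )


def parse_service_entry(line):
    """Return a ServiceEntry for a services/drivers line, else None."""
    line = line.strip()
    m = SVC_RE.match(line)
    if m:
        return ServiceEntry(m["state"], m["name"], m["path"], m["company"],
                            signed=m["unsigned"] is None, file_present=True)
    m = SVC_MISSING_RE.match(line)
    if m:
        return ServiceEntry(m["state"], m["name"], m["path"], "",
                            signed=False, file_present=False)
    return None


def triage(lines):
    """Return (finding, subject) pairs for the entries worth a second look."""
    findings = []
    for line in lines:
        f = parse_file_entry(line)
        if f is not None:
            last = f.path.rstrip("\\").rsplit("\\", 1)[-1]
            # Heuristic (assumption): a directory named by a bare 32-hex string
            # directly under ProgramData is unusual enough to be checked by hand.
            if ("D" in f.attrs and f.path.lower().startswith("c:\\programdata\\")
                    and HEX32_RE.match(last)):
                findings.append(("hex-named directory under ProgramData", f.path))
            continue
        s = parse_service_entry(line)
        if s is None:
            continue
        if not s.file_present:
            # Often stale leftovers on older Windows, but each one is worth verifying.
            findings.append(("service registered but file missing", s.name))
        elif not s.signed:
            findings.append(("service binary not signed", s.name))
    return findings


# Constructed sample: seven entries copied from the logs in this thread.
SAMPLE = r"""
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
""".strip().splitlines()

if __name__ == "__main__":
    for finding, subject in triage(SAMPLE):
        print(f"{finding}: {subject}")
```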
28.06.2014, 22:30 | #9 |
Rest in Peace † 2019 | Vista - BKA Trojan - Blocked by Group Policy
Hello Quickslay, you posted me the old FRST log. The MBR is clean, that's good.
Step 1
Download the attached file to the affected computer. Run it.
Step 2
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Reg: reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f
reboot:
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 3
Please also post a log from Farbar Service Scanner; you don't need to download it again. Please download Farbar Service Scanner
Please post its contents here.
Step 4
Please post a current FRST log |
28.06.2014, 23:05 | #10 |
| Vista - BKA Trojan - Blocked by Group Policy Importing the attached file unfortunately failed. The following error message appears: [Window Title] Registrierungs-Editor [Content] C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72RAZTNU\legacy_wscsvc[1].reg kann nicht importiert werden: Fehler beim Zugriff auf die Registrierung. [OK] |
29.06.2014, 00:07 | #12 |
| Vista - BKA Trojan - Blocked by Group Policy I am logged in as Admin. Otherwise I did not have the option to run it as Admin. Here are the logs: Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02 Ran by Administrator at 2014-06-29 00:34:06 Run:3 Running from C:\Users\Administrator\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Reg: reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f reboot: ***************** ========= reg add "hklm\System\CurrentControlSet\services\winmgmt\parameters" /v Servicedll /t REG_EXPAND_SZ /d ^%Systemroot^%\system32\wbem\WMIsvc.dll /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ==== Code:
ATTFilter Farbar Service Scanner Version: 10-06-2014 Ran by Administrator (administrator) on 29-06-2014 at 00:51:22 Running from "C:\Users\Administrator\Desktop" Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcsvc.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll 
=> File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log **** FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02 Ran by Administrator (administrator) on JOSEF-PC on 29-06-2014 00:53:42 Running from C:\Users\Administrator\Downloads Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Analog Devices, Inc.) 
C:\Program Files\Analog Devices\Core\smax4pnp.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc) HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) 
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.) HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X] HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company) HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.) AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.) 
Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop URLSearchHook: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) 
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10] ========================== Services (Whitelisted) ================= R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed] R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed] R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed] R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed] S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed] R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard) R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed] R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed] R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) ==================== Drivers (Whitelisted) ==================== S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) 
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH) R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH) S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed] R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. 
(PCAUSA)) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-29 00:28 - 2014-06-29 00:29 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg 2014-06-28 13:23 - 2014-06-29 00:51 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt 2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe 2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip 2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt 2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr 2014-06-28 13:18 - 2014-06-28 13:19 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe 2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion 2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk 2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-28 13:01 - 2014-06-28 13:10 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt 2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes 2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt 2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp 2014-06-23 21:24 - 2014-06-23 
21:25 - 104622217 _____ () C:\Windows\MEMORY.DMP 2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt 2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-06-23 21:08 - 2014-06-23 21:13 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-06-23 21:06 - 2014-06-23 21:16 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe 2014-06-23 21:04 - 2014-06-29 00:53 - 00016249 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-06-23 21:03 - 2014-06-29 00:53 - 00000000 ____D () C:\FRST 2014-06-23 21:02 - 2014-06-28 13:12 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ 2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET 2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk 2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET 2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint 2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google 2014-06-22 15:48 - 2014-06-22 
15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-28 12:33 - 00000034 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 15:22 - 2014-06-28 23:57 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD

==================== One Month Modified Files and Folders =======

2014-06-29 01:00 - 2014-06-23 21:04 - 00016249 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-29 00:53 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST
2014-06-29 00:52 - 2007-11-25 21:09 - 01252183 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 00:51 - 2014-06-28 13:23 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-29 00:51 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 00:51 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 00:46 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 00:45 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 00:39 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat
2014-06-29 00:38 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-29 00:29 - 2014-06-29 00:28 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-29 00:01 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 23:57 - 2014-06-22 15:22 - 00001554 _____ () C:\Windows\PFRO.log
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:19 - 2014-06-28 13:18 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:12 - 2014-06-23 21:02 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-28 13:10 - 2014-06-28 13:01 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 12:33 - 2014-06-22 15:47 - 00000034 _____ () C:\Windows\setupact.log
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:25 - 2014-06-23 21:24 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:25 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump
2014-06-23 21:16 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:13 - 2014-06-23 21:08 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator
2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt
2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-06-22 12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira
2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp
2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira
2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job
2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 19:07 - 2014-06-16 16:40 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
2014-06-21 12:08 - 2014-06-21 12:01 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:47 - 2014-06-17 20:45 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat
2014-06-17 20:14 - 2014-06-17 20:07 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:48 - 2014-06-17 10:47 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:29 - 2014-06-16 19:27 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:23 - 2014-06-16 19:21 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-29 00:55

==================== End Of Log ============================

That's it....
30.06.2014, 00:18 | #13 |
Rest in peace † 2019 | Vista - BKA Trojan - blocked by Group Policy

Hello Quickslay,

the FSS log looks good. How is the computer running now?

Step 1

Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2

Please download Malwarebytes Anti-Malware.

Step 3

Since the ESET scan is very thorough, it may take several hours.
ESET Online Scanner

Step 4

Run FRST once more.
30.06.2014, 19:07 | #14 |
| Vista - BKA Trojan - blocked by Group Policy

In my view the system is still rather sluggish (it was before as well), but quite a bit faster than before. Here are the new log files...

Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Administrator at 2014-06-30 15:50:15 Run:4
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKLM - IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
Toolbar: HKCU - IncrediMail MediaBar 2 Toolbar - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\prxtbInc0.dll (ClientConnect Ltd.)
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Program Files\Tbccint
2014-06-21 12:01 - 2014-06-21 12:08 - 00001016 _____ () C:\ProgramData\RUNDLL32.EXE-3472-F.txt
2014-06-17 20:45 - 2014-06-17 20:47 - 00000398 _____ () C:\ProgramData\RUNDLL32.EXE-3752-F.txt
2014-06-17 20:07 - 2014-06-17 20:14 - 00001030 _____ () C:\ProgramData\RUNDLL32.EXE-3380-F.txt
2014-06-17 10:53 - 2014-06-17 10:53 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3368-F.txt
2014-06-17 10:47 - 2014-06-17 10:48 - 00000173 _____ () C:\ProgramData\RUNDLL32.EXE-3544-F.txt
2014-06-16 19:27 - 2014-06-16 19:29 - 00001587 _____ () C:\ProgramData\RUNDLL32.EXE-3628-F.txt
2014-06-16 19:21 - 2014-06-16 19:23 - 00001816 _____ () C:\ProgramData\RUNDLL32.EXE-3584-F.txt
2014-06-16 16:40 - 2014-06-21 19:07 - 00000000 ____D () C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => value deleted successfully.
'HKCR\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => value deleted successfully.
'HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}' => Key deleted successfully.
C:\Users\Administrator\AppData\Local\Conduit => Moved successfully.
C:\Program Files\Tbccint => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3472-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3752-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3380-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3368-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3544-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3628-F.txt => Moved successfully.
C:\ProgramData\RUNDLL32.EXE-3584-F.txt => Moved successfully.
C:\ProgramData\E8E132F91DF6AC9E54AC988C567963BD => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll => Moved successfully.

==== End of Fixlog ====

I've started the ESET Online Scanner... let's see how long it takes. I'll post the log right afterwards...

Best regards
Andreas

ESET Online Scanner Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=13d4f8e29d68b946ae4c006107319d0b
# engine=18953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-30 04:52:09
# local_time=2014-06-30 06:52:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 152053 241679901 0 0
# scanned=200587
# found=10
# cleaned=0
# scan_time=6364
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1861927244-2452785755-924389474-500\$RXL271E.dll"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1861927244-2452785755-924389474-500\$RYOSN3N.dll"
sh=FDF4ADB3654AC8E84A67513864636A36359C2B31 ft=1 fh=ef83010defedbcf7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Tbccint\ToolbarService\ToolbarService.exe"
sh=93292B6DBC58611C49FA64A41C6C42ECD4F64A5F ft=1 fh=4b88797ea918e26b vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Conduit\Community Alerts\Alert.dll"
sh=FCD354F950BB5C0F50727B05E66468E47DE37704 ft=1 fh=17a42d112428317d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Conduit\CT2724386\IncrediMail_MediaBar_2AutoUpdaterHelper.exe"
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Temp\ConduitEngine.dll.xBAD"
sh=37FDC039C02562267559D42D94DDB64B692FD091 ft=1 fh=7aeecd1bb81f6a22 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\hk64tbInc0.dll"
sh=A6D053127826CDA8DD8FCDBB4E81F63000910624 ft=1 fh=e8f05c501331b563 vn="möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\hktbInc0.dll"
sh=7148AC44C7FE0CB8D30A12ACB28171AE1F609C20 ft=1 fh=779162af1796b620 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc0.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Administrator (administrator) on JOSEF-PC on 30-06-2014 19:23:41
Running from C:\Users\Administrator\Downloads
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-20] (Avira GmbH)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1097728 2006-12-15] (Analog Devices, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [] => [X]
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1861927244-2452785755-924389474-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-24] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [70144 2007-02-26] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
URLSearchHook: HKLM - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

========================== Services (Whitelisted) =================

R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-11-11] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-11-11] (Avira GmbH) [File not signed]
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) [File not signed]
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-28] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-28] (Avira GmbH)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-05-23] (Avanquest Software) [File not signed]
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\System32\Drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-30 16:55 - 2014-06-30 16:55 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-06-30 16:04 - 2014-06-30 16:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 16:03 - 2014-06-30 16:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-30 16:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-30 16:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 16:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 15:56 - 2014-06-30 15:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 00:28 - 2014-06-29 00:29 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg
2014-06-28 13:23 - 2014-06-29 00:51 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt
2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe
2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip
2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt
2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr
2014-06-28 13:18 - 2014-06-28 13:19 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe
2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion
2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-28 13:01 - 2014-06-28 13:10 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt
2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt
2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp
2014-06-23 21:24 - 2014-06-23 21:25 - 104622217 _____ () C:\Windows\MEMORY.DMP
2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-06-23 21:08 - 2014-06-23 21:13 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-06-23 21:06 - 2014-06-23 21:16 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-23 21:04 - 2014-06-30 19:23 - 00014940 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-06-23 21:03 - 2014-06-30 19:23 - 00000000 ____D () C:\FRST
2014-06-23 21:02 - 2014-06-28 13:12 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-06-23 21:00 - 2014-06-23 21:01 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log
2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ
2014-06-22 18:41 - 2014-06-22 18:52 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET
2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET
2014-06-22 18:41 - 2006-07-11 21:45 - 00001767 _____ () C:\Windows\system32\RSWIcon.icl
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software
2014-06-22 15:48 - 2014-06-22 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-22 15:47 - 2014-06-28 12:33 - 00000034 _____ () C:\Windows\setupact.log
2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-06-22 15:47 -
2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt 2014-06-22 15:46 - 2014-06-23 20:55 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-06-22 15:43 - 2014-06-23 21:00 - 00000000 ____D () C:\Users\Administrator 2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-06-22 15:43 - 2010-12-25 18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-22 15:43 - 2010-12-25 
18:25 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-22 15:22 - 2014-06-28 23:57 - 00001554 _____ () C:\Windows\PFRO.log 2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp 2014-06-21 14:46 - 2014-06-21 19:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 ==================== One Month Modified Files and Folders ======= 2014-06-30 19:25 - 2014-06-23 21:04 - 00014940 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-06-30 19:23 - 2014-06-23 21:03 - 00000000 ____D () C:\FRST 2014-06-30 19:01 - 2010-02-01 05:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-30 18:34 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-30 18:34 - 2006-11-02 14:45 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-30 16:55 - 2014-06-30 16:55 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe 2014-06-30 16:52 - 2014-06-30 16:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-30 16:44 - 2007-11-25 21:09 - 01305339 _____ () C:\Windows\WindowsUpdate.log 2014-06-30 16:37 - 2010-02-01 05:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-30 16:34 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-30 16:32 - 2006-11-09 18:42 - 00001401 _____ () C:\Windows\bthservsdp.dat 2014-06-30 16:32 - 2006-11-02 14:58 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-30 16:03 - 2014-06-30 16:03 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-30 16:03 - 2014-06-30 16:03 - 00000000 ____D () C:\Program Files\ 
Malwarebytes Anti-Malware 2014-06-30 16:03 - 2011-01-12 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-30 15:57 - 2014-06-30 15:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-29 00:51 - 2014-06-28 13:23 - 00002380 _____ () C:\Users\Administrator\Desktop\FSS.txt 2014-06-29 00:29 - 2014-06-29 00:28 - 00000866 _____ () C:\Users\Administrator\Desktop\legacy_wscsvc.reg 2014-06-28 23:57 - 2014-06-22 15:22 - 00001554 _____ () C:\Windows\PFRO.log 2014-06-28 13:22 - 2014-06-28 13:22 - 00415744 _____ (Farbar) C:\Users\Administrator\Desktop\FSS.exe 2014-06-28 13:20 - 2014-06-28 13:20 - 00000588 _____ () C:\Users\Administrator\Desktop\emsi.zip 2014-06-28 13:19 - 2014-06-28 13:19 - 00000581 _____ () C:\Users\Administrator\Desktop\MBRMastr_2014.06.28_13.19.28.txt 2014-06-28 13:19 - 2014-06-28 13:19 - 00000512 _____ () C:\Users\Administrator\Desktop\emsi.mbr 2014-06-28 13:19 - 2014-06-28 13:18 - 00788728 _____ (Emsisoft GmbH) C:\Users\Administrator\Desktop\mbrmastr.exe 2014-06-28 13:12 - 2014-06-28 13:12 - 00000000 ____D () C:\Users\Administrator\Downloads\FRST-OlderVersion 2014-06-28 13:12 - 2014-06-23 21:02 - 01073664 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-06-28 13:10 - 2014-06-28 13:01 - 00000672 _____ () C:\Users\Administrator\Desktop\fixlist.txt 2014-06-28 13:03 - 2014-06-28 13:03 - 00001057 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk 2014-06-28 13:03 - 2014-06-28 13:03 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-28 12:33 - 2014-06-22 15:47 - 00000034 _____ () C:\Windows\setupact.log 2014-06-23 23:07 - 2014-06-23 23:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes 2014-06-23 23:05 - 2014-06-23 23:05 - 00388391 _____ () C:\Users\Administrator\Desktop\Gmer.txt 2014-06-23 21:25 - 2014-06-23 21:25 - 00138256 _____ () C:\Windows\Minidump\Mini062314-01.dmp 2014-06-23 21:25 - 2014-06-23 21:24 - 104622217 _____ () 
C:\Windows\MEMORY.DMP 2014-06-23 21:25 - 2008-01-04 17:59 - 00000000 ____D () C:\Windows\Minidump 2014-06-23 21:16 - 2014-06-23 21:06 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe 2014-06-23 21:15 - 2014-06-23 21:15 - 00033839 _____ () C:\Users\Administrator\Desktop\Addition.txt 2014-06-23 21:14 - 2014-06-23 21:14 - 00029922 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-06-23 21:13 - 2014-06-23 21:08 - 00033839 _____ () C:\Users\Administrator\Downloads\Addition.txt 2014-06-23 21:01 - 2014-06-23 21:00 - 00000488 _____ () C:\Users\Administrator\Desktop\defogger_disable.log 2014-06-23 21:00 - 2014-06-23 21:00 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2014-06-23 21:00 - 2014-06-22 15:43 - 00000000 ____D () C:\Users\Administrator 2014-06-23 20:55 - 2014-06-22 15:46 - 00000944 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-22 18:52 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files\Registry System Wizard.NET 2014-06-22 18:42 - 2014-06-22 18:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinFAQ 2014-06-22 18:41 - 2014-06-22 18:41 - 00000903 _____ () C:\Users\Public\Desktop\Registry System Wizard .NET.lnk 2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry System Wizard.NET 2014-06-22 15:50 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia 2014-06-22 15:49 - 2014-06-22 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech® Webcam-Software 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-22 15:48 - 2014-06-22 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-22 15:47 - 2014-06-22 15:47 - 00122152 _____ () 
C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\QSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\DSwitch.txt 2014-06-22 15:47 - 2014-06-22 15:47 - 00000000 _____ () C:\Users\Administrator\AppData\Local\AtStart.txt 2014-06-22 15:46 - 2014-06-22 15:46 - 00000949 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-22 15:45 - 2014-06-22 15:45 - 00000915 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-06-22 15:45 - 2007-06-30 07:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2014-06-22 15:43 - 2014-06-22 15:43 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-22 15:43 - 2014-06-22 15:43 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-06-22 15:30 - 2012-07-10 18:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype 2014-06-22 
12:56 - 2008-01-18 20:35 - 00000000 ____D () C:\Program Files\Avira 2014-06-22 12:52 - 2014-06-22 12:52 - 00000000 ____D () C:\OETemp 2014-06-22 12:52 - 2008-01-18 20:35 - 00000000 ____D () C:\ProgramData\Avira 2014-06-22 12:47 - 2011-01-12 14:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-22 12:17 - 2013-01-18 20:47 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E5538C0-1C01-4BDA-B3C5-88938E28F3CC}.job 2014-06-22 11:29 - 2007-12-05 21:39 - 00021504 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-21 19:12 - 2014-06-21 14:46 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0 2014-06-17 20:47 - 2011-01-17 05:21 - 00000680 _____ () C:\Users\Josef\AppData\Local\d3d9caps.dat 2014-06-16 14:53 - 2013-08-16 09:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 08:28 - 2007-12-05 19:28 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-30 16:47 ==================== End Of Log ============================ --- --- --- |
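As an added example (not part of the original thread or of FRST itself), a small Python triage pass over the FRST log format shown above: it parses the driver/service lines and the "One Month Created/Modified Files" entries and flags what a log reviewer checks first, namely drivers FRST reports as [File not signed], service entries whose file is missing ([X]), and freshly created executables in user-writable directories. The sample entries are copied from the log above; the flagging rules are this example's own heuristics.

```python
import re
from typing import List, Tuple

# Driver/service entry, e.g.
#   R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
#   S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\))?"
    r"(?P<tags>(?: \[[^\]]+\])*)$"
)
# File/folder entry: "created - modified - size attrs (company) path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# Constructed sample: entries copied from the FRST log above.
SAMPLE_LOG = r"""
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-21] (AVIRA GmbH) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 PDNMp50; C:\Windows\System32\Drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
2014-06-30 16:55 - 2014-06-30 16:55 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-06-23 21:06 - 2014-06-23 21:16 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-06-16 14:53 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-23 21:24 - 2014-06-23 21:25 - 104622217 _____ () C:\Windows\MEMORY.DMP
"""


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for the entries a reviewer should look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            tags = m.group("tags")
            if "[X]" in tags:  # FRST marks service entries whose file does not exist
                findings.append(("service entry points to a missing file", m.group("path")))
            if "[File not signed]" in tags:  # FRST could not verify a digital signature
                findings.append(("driver is not digitally signed", m.group("path")))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m.group("attrs"):  # skip directory entries
            path = m.group("path")
            low = path.lower()
            if low.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
                findings.append(("new executable in a user-writable location", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}: {path}")
```

The drivers and the recent-files sections of a real FRST.txt can be fed in the same way; nested parentheses in a publisher name (the PCAUSA entry) are handled by the lazy company group.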
30.06.2014, 20:53 | #15
Rest in Peace † 2019 | Vista - BKA Trojan - Blocked by Group Policy
Quote:
Step 1
If you find nothing there, run another scan with Malwarebytes.

Step 2
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).