loewenherzl | 17.07.2013 16:23 | GMER: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-17 17:15:33
Windows 6.2.9200 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9120E76E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x820F980E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9120CC42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x820FACF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9120E8EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x820F9556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x820FB1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x820FB066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x820F945C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x820F94CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x820F92F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x820FAD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x820F97A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x820F9742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x820FC22A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x821008B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x820FB506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x820FB7F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9120E822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x821060DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x820FE26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x82105EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x82106036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x820FDE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x82105EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x82106122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x82105F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x82105F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x820FB92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x820FE98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x820F96DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9120CC12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9120E6C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x820FE596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x820F9676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x820FAE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x821060B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x820FA800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x820FA5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x82105ECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9120E992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x82105E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x821060FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x82105F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x82105F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x820FA0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x820FC256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9120E5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x820F9610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91227E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwCallbackReturn + 16C 816FD4BC 12 Bytes [56, 95, 0F, 82, C8, B1, 0F, ...]
.text ntoskrnl.exe!ZwCallbackReturn + 3E4 816FD734 4 Bytes [22, E8, 20, 91]
.text ntoskrnl.exe!ZwCallbackReturn + 604 816FD954 12 Bytes [B8, 60, 10, 82, 00, A8, 0F, ...]
.text ntoskrnl.exe!ZwReplacePartitionUnit + 2673 81773135 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 81777A1A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580 8185AA07 5 Bytes JMP 912267CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8194762E 5 Bytes JMP 91224C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 819DC0ED 7 Bytes JMP 91227E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.edata C:\WINDOWS\System32\DRIVERS\netbt.sys unknown last section [0x821CE000, 0x3B6B, 0xC8000040]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[428] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\wininit.exe[520] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[604] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[620] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[636] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010703FC
.text C:\WINDOWS\system32\ctfmon.exe[636] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010701F8
.text C:\WINDOWS\system32\ctfmon.exe[636] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 01090A08
.text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 01090804
.text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 010903FC
.text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 010901F8
.text C:\WINDOWS\system32\ctfmon.exe[636] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 01090600
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[800] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[832] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\PDF Architect\HelperService.exe[876] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[912] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[1036] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010303FC
.text C:\WINDOWS\system32\taskhostex.exe[1036] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010301F8
.text C:\WINDOWS\system32\taskhostex.exe[1036] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011E0A08
.text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011E0804
.text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011E03FC
.text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011E01F8
.text C:\WINDOWS\system32\taskhostex.exe[1036] user32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011E0600
.text C:\WINDOWS\system32\svchost.exe[1084] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\System32\WinLogon.exe[1156] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 004803FC
.text C:\WINDOWS\System32\WinLogon.exe[1156] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 004801F8
.text C:\WINDOWS\System32\WinLogon.exe[1156] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 004A0A08
.text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 004A0804
.text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 004A03FC
.text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 004A01F8
.text C:\WINDOWS\System32\WinLogon.exe[1156] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 004A0600
.text C:\WINDOWS\system32\svchost.exe[1400] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[1472] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Users\***\Desktop\gmer_2.1.19163.exe[1516] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00CC03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00CC01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00CE0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00CE0804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00CE03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00CE01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00CE0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1604] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1712] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00210A08
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00210804
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002103FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002101F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1824] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00210600
.text C:\WINDOWS\System32\spoolsv.exe[1844] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1884] KERNEL32.DLL!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00330A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00330804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 003303FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 003301F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2456] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00330600
.text C:\WINDOWS\system32\wwahost.exe[2476] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 009903FC
.text C:\WINDOWS\system32\wwahost.exe[2476] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 009901F8
.text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00A50A08
.text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00A50804
.text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00A503FC
.text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00A501F8
.text C:\WINDOWS\system32\wwahost.exe[2476] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00A50600
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2500] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 005C03FC
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 005C01F8
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 005E0A08
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 005E0804
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 005E03FC
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 005E01F8
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[2536] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 005E0600
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 001A0A08
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 001A0804
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001A03FC
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001A01F8
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[2608] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 001A0600
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 004203FC
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 004201F8
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00440A08
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00440804
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 004403FC
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 004401F8
.text C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe[2616] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00440600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3004] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600
.text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008403FC
.text C:\WINDOWS\system32\svchost.exe[3236] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008401F8
.text C:\WINDOWS\system32\svchost.exe[3236] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00860A08
.text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00860804
.text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 008603FC
.text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 008601F8
.text C:\WINDOWS\system32\svchost.exe[3236] user32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00860600
.text C:\WINDOWS\System32\dwm.exe[3344] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008203FC
.text C:\WINDOWS\System32\dwm.exe[3344] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008201F8
.text C:\WINDOWS\System32\dwm.exe[3344] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00940A08
.text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00940804
.text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 009403FC
.text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 009401F8
.text C:\WINDOWS\System32\dwm.exe[3344] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00940600
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 015403FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 015401F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 01570A08
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 01570804
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 015703FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 015701F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[3744] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 01570600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 011603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 011601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011B0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011B0804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011B03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011B01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3900] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011B0600
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00A103FC
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00A101F8
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00B40A08
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00B40804
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00B403FC
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00B401F8
.text C:\WINDOWS\system32\SearchIndexer.exe[4036] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00B40600
.text C:\WINDOWS\Explorer.EXE[4664] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00A603FC
.text C:\WINDOWS\Explorer.EXE[4664] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00A601F8
.text C:\WINDOWS\Explorer.EXE[4664] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00A90A08
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00A90804
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00A903FC
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00A901F8
.text C:\WINDOWS\Explorer.EXE[4664] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00A90600
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 010303FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 010301F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 011E0A08
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 011E0804
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 011E03FC
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 011E01F8
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4692] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 011E0600
.text C:\Windows\System32\RuntimeBroker.exe[4956] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 008403FC
.text C:\Windows\System32\RuntimeBroker.exe[4956] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 008401F8
.text C:\Windows\System32\RuntimeBroker.exe[4956] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00860A08
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00860804
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 008603FC
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 008601F8
.text C:\Windows\System32\RuntimeBroker.exe[4956] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00860600
.text C:\WINDOWS\system32\nvvsvc.exe[5080] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 00C603FC
.text C:\WINDOWS\system32\nvvsvc.exe[5080] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 00C601F8
.text C:\WINDOWS\system32\nvvsvc.exe[5080] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00C80A08
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00C80804
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 00C803FC
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 00C801F8
.text C:\WINDOWS\system32\nvvsvc.exe[5080] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00C80600
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 006E03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 006E01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 007A0A08
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 007A0804
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 007A03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 007A01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[5420] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 007A0600
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001503FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001501F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00160A08
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00160804
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001603FC
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001601F8
.text C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[5444] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00160600
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 007A03FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 007A01F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 007C0A08
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 007C0804
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 007C03FC
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 007C01F8
.text C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[5644] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 007C0600
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 001A0A08
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 001A0804
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 001A03FC
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 001A01F8
.text C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[5768] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 001A0600
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00220A08
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00220804
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 002203FC
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 002201F8
.text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5780] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00220600
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] ntdll.dll!LdrUnloadDll 77962029 5 Bytes JMP 002003FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] ntdll.dll!LdrLoadDll 77975D29 5 Bytes JMP 002001F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] KERNEL32.dll!GetBinaryTypeW + 6F 7764DDE0 1 Byte [62]
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!UnhookWindowsHookEx 76F5A37A 5 Bytes JMP 00320A08
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWindowsHookExW 76F5F223 5 Bytes JMP 00320804
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!UnhookWinEvent 76F5FE7F 5 Bytes JMP 003203FC
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWinEventHook 76F6938E 5 Bytes JMP 003201F8
.text C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[5980] USER32.dll!SetWindowsHookExA 76F76F76 5 Bytes JMP 00320600
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1949246788
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@UpdatesAvailableForDownloadLogon 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d@CurrentCacheFile C:\WINDOWS\SoftwareDistribution\EventCache.v2\{D4703C43-E18A-44BE-99AB-AD968635E6AF}.bin
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\7971f918-a847-4430-9279-4a52d1efe18d@FlushCacheFiles
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B90-0F7E-11DE-A5D3-806E6F6E6963} 8445049232
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B91-0F7E-11DE-A5D3-806E6F6E6963} 87172712
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- EOF - GMER 2.1 ----
FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by *** (administrator) on 17-07-2013 17:20:07
Running from C:\Users\***\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(SRS Labs, Inc.) C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
(Microsoft Corporation) C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Skillbrains) C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.20\LightShot.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
==================== Registry (Whitelisted) ==================
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
548768 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [LightShot] - C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-05-27] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [SRSHDAudioLab] - C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe [5446056 2012-06-25] ()
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1597864 2013-02-14] (Valve Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-03] (Microsoft Corporation)
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 29 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 30 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 31 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 32 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 33 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 34 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 35 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 36 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 37 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 38 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 39 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 40 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\90vhslw0.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt
========================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SRSHDAudioService; C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\drivers\ATKACPI.sys [14392 2009-05-13] (ASUS)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [254464 2012-07-26] ()
R3 SRS_AE_Service; C:\Windows\system32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHDA.sys [x]
U3 uwldapow; \??\C:\Users\***\AppData\Local\Temp\uwldapow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-17 17:19 - 2013-07-17 17:19 - 01218860 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-17 17:15 - 2013-07-17 17:15 - 00060243 _____ C:\Users\***\Desktop\gmer.log
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Local\Skillbrains
2013-07-17 16:07 - 2013-07-17 16:07 - 02586280 _____ (Skillbrains ) C:\Users\***\Downloads\setup-lightshot.exe
2013-07-17 16:04 - 2013-07-17 16:04 - 00605800 _____ C:\Users\***\Downloads\lightshot-ie-1-3-0-15.exe
2013-07-17 15:54 - 2013-07-17 15:54 - 00393040 _____ (Softonic ) C:\Users\***\Downloads\SoftonicDownloader_fuer_lightshot.exe
2013-07-14 22:16 - 2013-07-14 22:16 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-14 21:51 - 2013-07-14 21:51 - 00164480 _____ C:\WINDOWS\Minidump\071413-36223-01.dmp
2013-07-14 21:20 - 2013-07-14 22:14 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-14 20:58 - 2013-07-14 20:59 - 00020884 _____ C:\Users\***\Desktop\Addition.txt
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:43 - 2013-07-14 14:45 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-12 09:48 - 2013-07-12 09:49 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2013-07-12 09:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL
2013-07-12 09:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6DE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCDE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCC2DE.DLL
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 16:18 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-11 16:18 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-11 16:18 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-11 16:18 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-11 16:17 - 2013-05-31 01:09 - 03389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-11 16:17 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-11 16:17 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe
2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
==================== One Month Modified Files and Folders =======
2013-07-17 17:19 - 2013-07-17 17:19 - 01218860 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-17 17:19 - 2012-12-09 12:43 - 00000000 ___RD C:\Users\***\Desktop
2013-07-17 17:15 - 2013-07-17 17:15 - 00060243 _____ C:\Users\***\Desktop\gmer.log
2013-07-17 17:10 - 2012-12-09 12:51 - 01350557 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-17 17:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-17 16:44 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-sys.job
2013-07-17 16:28 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
2013-07-17 16:21 - 2012-12-26 15:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-17 16:08 - 2013-07-17 16:08 - 00000000 ____D C:\Users\***\AppData\Local\Skillbrains
2013-07-17 16:08 - 2012-12-11 18:52 - 00000443 _____ C:\Users\***\AppData\Local\UserProducts.xml
2013-07-17 16:07 - 2013-07-17 16:07 - 02586280 _____ (Skillbrains ) C:\Users\***\Downloads\setup-lightshot.exe
2013-07-17 16:04 - 2013-07-17 16:04 - 00605800 _____ C:\Users\***\Downloads\lightshot-ie-1-3-0-15.exe
2013-07-17 15:54 - 2013-07-17 15:54 - 00393040 _____ (Softonic ) C:\Users\***\Downloads\SoftonicDownloader_fuer_lightshot.exe
2013-07-17 15:45 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-17 15:36 - 2013-02-06 15:51 - 00000000 ___RD C:\Users\***\SkyDrive
2013-07-16 21:05 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-16 21:04 - 2012-12-27 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-14 23:17 - 2012-12-09 12:43 - 00000000 ____D C:\Users\***
2013-07-14 22:16 - 2013-07-14 22:16 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-14 22:14 - 2013-07-14 21:20 - 00000000 ____D C:\Users\***\Desktop\mbar
2013-07-14 21:51 - 2013-07-14 21:51 - 00164480 _____ C:\WINDOWS\Minidump\071413-36223-01.dmp
2013-07-14 21:51 - 2012-12-19 15:57 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-14 21:51 - 2012-12-19 15:56 - 548319931 _____ C:\WINDOWS\MEMORY.DMP
2013-07-14 21:51 - 2012-12-09 12:37 - 00026908 _____ C:\WINDOWS\PFRO.log
2013-07-14 21:50 - 2012-07-26 08:53 - 00000000 _SHDC C:\WINDOWS\$NtUninstallKB10095$
2013-07-14 21:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Help
2013-07-14 20:59 - 2013-07-14 20:58 - 00020884 _____ C:\Users\***\Desktop\Addition.txt
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:45 - 2013-07-14 14:43 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 14:07 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software ) C:\Users\***\Downloads\setup.exe
2013-07-14 13:43 - 2012-07-26 06:17 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:24 - 2012-12-19 14:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-14 08:59 - 2012-12-28 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 18:51 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 17:27 - 2012-12-11 18:31 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey
2013-07-12 16:28 - 2012-12-09 12:52 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-12 16:15 - 2013-01-18 12:11 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-07-12 09:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-07-12 09:49 - 2013-07-12 09:48 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 17:02 - 2012-12-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 16:57 - 2012-12-13 17:42 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-11 16:08 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-11 10:22 - 2012-12-12 18:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-10 11:14 - 2013-05-20 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:12 - 2012-12-11 18:55 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd. ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:52 - 2012-12-21 15:46 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-06 08:52 - 2012-12-21 15:46 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe
2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
2013-07-04 18:08 - 2012-12-11 19:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 09:57 - 2013-02-06 15:51 - 00002251 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-07-01 17:04 - 2012-07-26 08:03 - 00080005 _____ C:\WINDOWS\setupact.log
2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-06-28 11:19 - 2013-03-19 19:39 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-06-28 11:19 - 2012-12-09 13:39 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-06-28 11:19 - 2012-12-09 13:39 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-06-28 00:04 - 2013-04-14 13:34 - 00693112 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-04-14 13:34 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-11 10:35
==================== End Of Log ============================
--- --- ---
ADDITION: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by *** at 2013-07-14 20:58:00
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Stock Photos 1.0 (Version: 1.0.1)
ATK Package (Version: 1.0.0023)
avast! Free Antivirus (Version: 8.0.1489.0)
Catan - Städte und Ritter (Version: 1.229)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON BX305 Plus Series Printer Uninstall
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Scan
Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628)
GIMP 2.8.4 (Version: 2.8.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
lightshot-4.3.0.0 (Version: 4.3.0.0)
MediaMonkey 4.0 (Version: 4.0)
Microsoft Expression Design 4 (Version: 8.0.31217.1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Netzwerkhandbuch EPSON BX305 Plus Series
NVIDIA 3D Vision Treiber 310.90 (Version: 310.90)
NVIDIA Grafiktreiber 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)
NVIDIA Systemsteuerung 310.90 (Version: 310.90)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (Version: 9.1.3.2637)
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.7.0)
SRS Audio Essentials (Version: 1.02.0312)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.2.21.0)
System Power Shortcuts (Version: 1.1.1029)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
==================== Restore Points =========================
23-06-2013 13:01:54 Geplanter Prüfpunkt
03-07-2013 08:10:25 Geplanter Prüfpunkt
06-07-2013 06:51:08 Installed Java 7 Update 25
11-07-2013 14:52:48 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {30AFB382-B450-4F01-B005-A373C9538063} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E787B0D-8405-40CD-BC79-5BF41DAB734D} - System32\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4875C8FF-DF2A-4DBF-B93B-C18E351949B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {5986D1E8-C632-477C-8096-ECEBBDF07468} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {5CB273A4-513A-4D26-9064-1880BFE98AD1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {6BB2238B-0B60-43CB-9FD7-30FC5D5758BA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
Task: {6CEE63A4-32D4-473A-9615-35287493A8D0} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171136491-575053196-1707953686-1000
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AAEB0B67-69E8-4F99-922A-28CB70F79E35} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C25EB31A-6966-4BF5-BAAB-9107993D54BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E6EF7532-3F7A-443F-8769-AED6CC439EC5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FB96BBB5-A5AD-4886-B14B-183EA8E08AD0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container) (User: )
Description: ALoggerFileCyclic: Failed to delete an old log file Last error code: 32
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LABTOP)
Description: Die App „microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
System errors:
=============
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2147942405
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%2147942405
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2147942405
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%2147942405
Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062
Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2147942405
Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%2147942405
Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2147942405
Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%2147942405
Error: (07/14/2013 08:35:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2147942405
Microsoft Office Sessions:
=========================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic: Failed to release mutex. Last error code: 288
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container)(User: )
Description: ALoggerFileCyclic: Failed to delete an old log file Last error code: 32
Type:
ERROR
Location:
::(0) : error 0:
Computer:
Id: 0, Name:Null
Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LABTOP)
Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive
Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
==================== Memory info ===========================
Percentage of memory in use: 74%
Total physical RAM: 3071.33 MB
Available physical RAM: 786.73 MB
Total Pagefile: 6143.33 MB
Available Pagefile: 3486.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1839.45 MB
==================== Drives ================================
Drive c: (Windows 8) (Fixed) (Total:116.44 GB) (Free:67.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (***) (Fixed) (Total:104.73 GB) (Free:54.45 GB) NTFS
Drive e: () (Fixed) (Total:116.44 GB) (Free:69.39 GB) NTFS
Drive g: () (Fixed) (Total:116.44 GB) (Free:116.16 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=12 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105 GB) - (Type=OF Extended)
==================== End Of Log ============================ |