Log analysis and evaluation: PC behaves as if it had 64 MB RAM, strange CPU load (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

PC behaves as if it had 64 MB RAM, strange CPU load

Hello,

my PC has been causing problems since yesterday. It is extremely slow and behaves as if it only had 64 MB of RAM. The CPU load keeps fluctuating between 40 and 60% although all loads in the Task Manager are at 0%. System startup already takes forever.

Hard disk checked with CrystalDiskInfo = Good

Ran ComboFix, Kaspersky Virus Removal Tool and Malwarebytes Anti-Malware without findings and without solving the problem.

Ran the ESET Online Scan, no viruses detected.

Code:
OTL logfile created on: 13.01.2013 20:42:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Rose\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,12 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 60,51% Memory free
4,97 Gb Paging File | 3,77 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 155,25 Gb Total Space | 98,67 Gb Free Space | 63,55% Space Free | Partition Type: NTFS
Drive D: | 310,50 Gb Total Space | 132,50 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive E: | 233,58 Gb Total Space | 178,29 Gb Free Space | 76,33% Space Free | Partition Type: NTFS
Drive G: | 232,18 Gb Total Space | 67,34 Gb Free Space | 29,00% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe PRC - [2013.01.13 21:38:37 | 000,458,208 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\9519004\5926726.exe PRC - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe PRC - [2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.21 13:02:20 | 000,546,504 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe PRC - [2012.11.01 15:34:28 | 002,717,816 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe PRC - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe PRC - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) 
-- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) -- D:\Programme\OO Software\Defrag\oodag.exe PRC - [2009.10.20 16:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.09.16 14:18:32 | 000,024,653 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\ecview.exe PRC - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe PRC - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe PRC - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe PRC - [2008.04.14 07:52:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe PRC - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\system32\SgLogPlayer.exe PRC - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe PRC - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe PRC - [2003.02.22 16:41:18 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE PRC - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- 
D:\Programme\winfax\WFXSWTCH.exe ========== Modules (No Company Name) ========== MOD - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe MOD - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2012.11.01 15:34:02 | 000,092,792 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll MOD - [2012.10.23 17:40:08 | 000,109,688 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2008.09.16 14:18:12 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\EcView0407.dll MOD - [2008.09.16 14:17:52 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgUicl.msg MOD - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe MOD - [2008.09.16 14:16:12 | 000,057,440 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_MSG0407.dll MOD - [2008.09.16 14:16:08 | 000,082,016 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_ERR0407.dll MOD - [2008.09.16 14:12:00 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrvps.dll MOD - 
[2008.09.16 14:11:22 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtlps.Dll MOD - [2008.09.16 14:10:58 | 000,098,382 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\REFile.dll MOD - [2008.09.16 14:10:38 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll MOD - [2008.09.16 14:10:18 | 000,016,482 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_INFO0407.dll MOD - [2007.08.16 12:33:38 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\loaddlln.dll MOD - [2007.04.12 11:36:40 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\sgsamn.dll MOD - [2007.04.12 11:35:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\a11layn.dll MOD - [2006.11.27 14:11:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\uswerrln.dll MOD - [2005.09.24 10:10:56 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU MOD - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe MOD - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe MOD - [2004.06.01 15:37:24 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\craservn.dll MOD - [2004.06.01 15:37:12 | 000,323,584 | ---- | M] () -- C:\WINDOWS\system32\cmbase2n.dll MOD - [2004.06.01 15:37:06 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\cmbasen.dll MOD - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- D:\Programme\winfax\WFXSWTCH.exe MOD - [2000.02.14 17:36:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet 
Licensing Service) SRV - File not found [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service) SRV - [2013.01.11 11:08:00 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.10 13:14:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2010.09.08 11:42:39 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.10 14:51:39 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.03.10 21:27:53 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient) SRV - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv) SRV - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl) SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer) SRV - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\gslsrvn.exe -- (GSLSRV) SRV - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\crppsrvn.exe -- (CRPPSRV) SRV - [2000.03.07 15:38:48 | 000,128,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] 
-- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WinUSB.sys -- (WinUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ppenysgp.sys -- (jjrd) DRV - File not found [Kernel | System | 
Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\epfwtdir.sys -- (epfwtdir) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM108.sys -- (CM1083264) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Rose\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Camdrl.sys -- (CamDrL) DRV - [2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\06697164.sys -- (06697164) DRV - [2012.11.01 15:35:20 | 000,068,272 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsm.sys -- (pctplsm) DRV - [2012.11.01 15:35:14 | 000,202,280 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD) DRV - [2012.10.31 14:21:28 | 000,260,760 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2012.10.28 12:40:26 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.10.28 12:40:26 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2012.10.23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD) DRV - [2012.10.22 16:38:28 | 000,368,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- 
C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2012.02.28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2012.02.28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS) DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio) DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio) DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.07.06 11:26:54 | 006,088,296 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010.07.06 11:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.11.18 00:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.08.24 16:21:46 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2009.07.02 15:40:12 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.02 15:40:12 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.04.29 14:10:43 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio) DRV - [2009.04.08 13:20:06 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.11 20:15:12 | 000,051,072 | ---- | M] (Animation Technologies Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207_543.sys -- (M9207) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.09.16 14:19:16 | 000,019,712 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AES256.sys -- (AES-256) DRV - [2008.09.16 14:19:12 | 000,063,488 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SGEFLT.sys -- (SgeFlt) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys 
-- (MPE) DRV - [2008.04.14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi) DRV - [2008.01.24 09:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007.01.11 17:20:06 | 000,194,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2006.09.18 13:48:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Navcar.sys -- (Navcar) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.10.16 06:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk) DRV - [2004.06.09 02:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2004.06.09 02:00:00 | 000,053,120 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus) DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi) DRV - [2004.03.10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2001.08.17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6C87E8C6-E5A7-4E11-BDEB-21D5974A064F} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{424A3E04-7B92-4648-A5FB-94DA349A731C}: "URL" = hxxp://redirect.t-online.de/index.php?rdid=8&q={searchTerms} IE - HKCU\..\SearchScopes\{6C87E8C6-E5A7-4E11-BDEB-21D5974A064F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 22:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013.01.13 08:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.11 11:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 11:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011.02.21 11:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions
[2011.01.19 08:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.12.12 04:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions
[2010.11.13 14:33:58 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2012.10.14 04:43:46 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.12 10:29:45 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\djziggy@gmail.com
[2012.12.12 04:44:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 08:44:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.06.16 09:33:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.11 11:08:02 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.09.15 10:50:46 | 000,376,832 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2012.10.17 18:09:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.17 18:09:59 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.17 18:09:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.17 18:09:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.17 18:09:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.17 18:09:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013.01.13 11:25:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WFXSwtch] d:\Programme\winfax\WFXSWTCH.exe ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\_uninst_06697164.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found
O9 - Extra 'Tools' menuitem : Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4E3CF1-7467-44C1-903D-B1290A3EA6E0}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NotLog: DllName - (SGLogEx.dll) - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\SGLogNotification: DllName - (SGLogNotification.dll) - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\sgsam: DllName - (sgsamn.dll) - C:\WINDOWS\System32\sgsamn.dll ()
O24 - Desktop Components:0 () - hxxp://i.ebayimg.com/09/%21BV6Ou1QBGk%7E$%28KGrHgoH-D8EjlLlzKDlBKU5kc51yg%7E%7E_12.JPG
O24 - Desktop Components:1 () - hxxp://i.ebayimg.com/16/%21BbEuJTQ%212k%7E$%28KGrHgoH-DMEjlLlvjJvBKuR5ljO9Q%7E%7E_12.JPG
O24 - Desktop Components:2 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:3 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:4 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - d:\Programme\winfax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.13 20:53:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.13 20:31:43 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe
[2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2013.01.13 19:45:54 | 001,378,744 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe
[2013.01.13 19:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.01.13 19:21:53 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys
[2013.01.13 19:06:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe
[2013.01.13 14:34:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.13 11:36:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.13 11:36:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.13 11:34:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.13 11:33:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2013.01.13 10:17:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.13 10:13:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.13 10:13:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.13 10:13:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.13 10:13:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.13 10:12:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.13 10:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.13 10:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.13 09:37:40 | 005,021,655 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe
[2013.01.13 08:44:11 | 000,062,688 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2013.01.13 08:44:09 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2013.01.13 08:44:09 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2013.01.13 08:44:09 | 000,150,648 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2013.01.13 08:34:42 | 000,260,760 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2013.01.13 08:34:01 | 000,019,464 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2013.01.13 08:34:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2013.01.13 08:33:27 | 000,071,752 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2013.01.13 08:33:26 | 000,068,272 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsm.sys
[2013.01.13 08:22:07 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2013.01.13 08:22:07 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2013.01.13 08:20:48 | 000,368,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2013.01.13 08:20:48 | 000,163,288 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2013.01.13 08:19:29 | 000,202,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2013.01.13 08:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2013.01.13 08:16:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013.01.13 08:16:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2013.01.13 08:16:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\TestApp
[2013.01.13 07:43:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2013.01.12 13:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\lenovo
[2013.01.11 11:07:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.08 10:27:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Apple
[2013.01.07 10:13:44 | 000,000,000 | ---D | C] -- C:\Programme\PhonerLite
[2013.01.07 08:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Faxe
[2013.01.06 10:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\redsn0w
[2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\NativeFus_Log
[2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2012.12.27 16:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\samsung
[2012.12.26 21:33:54 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.12.25 20:02:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2012.12.19 20:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
[2012.12.18 13:52:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Oase
[2012.12.18 13:31:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.12.18 13:31:06 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.18 06:27:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Sony
[14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys
[2013.01.13 21:00:32 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2013.01.13 20:31:52 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe
[2013.01.13 20:28:44 | 000,756,999 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013.01.13 20:16:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.13 20:15:30 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 19:46:11 | 001,378,744 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe
[2013.01.13 19:27:53 | 000,000,852 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk
[2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
[2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe
[2013.01.13 18:46:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.13 18:43:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 18:42:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.13 11:35:16 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.13 11:25:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.13 10:18:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.13 10:04:32 | 003,696,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.13 09:46:34 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2013.01.13 09:37:51 | 005,021,655 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe
[2013.01.13 07:58:32 | 000,506,266 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.13 07:58:32 | 000,484,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.13 07:58:32 | 000,080,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.13 07:58:31 | 000,096,220 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.12 21:15:16 | 000,371,063 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg
[2013.01.12 21:04:31 | 000,023,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf
[2013.01.12 20:44:26 | 000,031,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf
[2013.01.10 19:00:14 | 000,081,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf
[2013.01.10 15:18:00 | 000,019,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG
[2013.01.10 15:15:09 | 000,010,322 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG
[2013.01.10 13:14:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.10 13:14:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.10 12:35:54 | 000,020,013 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf
[2013.01.09 18:51:28 | 000,020,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf
[2013.01.08 20:03:32 | 000,050,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png
[2013.01.08 14:51:26 | 000,001,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2013.01.08 11:49:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.08 09:21:12 | 000,232,373 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar
[2013.01.08 09:20:44 | 000,037,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip
[2013.01.08 09:20:01 | 000,210,047 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar
[2013.01.07 10:21:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.06 07:00:31 | 000,000,413 | ---- | M] () -- C:\wakeuptoken.info
[2013.01.06 06:37:08 | 000,077,856 | ---- | M] () -- C:\BACKUP.svf
[2013.01.04 18:21:38 | 000,155,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf
[2013.01.04 18:20:29 | 001,391,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg
[2013.01.04 18:18:00 | 021,081,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd
[2012.12.26 21:34:04 | 000,001,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.12.26 21:33:39 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Dropbox.lnk
[2012.12.25 20:02:24 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2012.12.25 19:59:19 | 024,442,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe
[2012.12.20 06:36:33 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2012.12.18 13:31:38 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.12.18 10:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012.12.18 09:57:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.13 19:27:53 | 000,000,852 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk
[2013.01.13 19:08:10 | 151,797,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
[2013.01.13 10:18:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013.01.13 10:17:54 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.13 10:13:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.13 10:13:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.13 10:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.13 10:13:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.13 10:13:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.13 08:44:09 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2013.01.13 08:44:09 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2013.01.13 08:44:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2013.01.13 08:44:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2013.01.13 08:44:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2013.01.13 08:22:13 | 000,756,999 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013.01.12 21:15:07 | 000,371,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg
[2013.01.12 21:04:31 | 000,023,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf
[2013.01.12 20:44:26 | 000,031,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf
[2013.01.10 19:00:14 | 000,081,642 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf
[2013.01.10 15:18:00 | 000,019,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG
[2013.01.10 15:15:08 | 000,010,322 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG
[2013.01.10 12:35:54 | 000,020,013 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf
[2013.01.09 18:51:27 | 000,020,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf
[2013.01.08 20:05:17 | 000,050,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png
[2013.01.08 09:21:11 | 000,232,373 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar
[2013.01.08 09:20:44 | 000,037,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip
[2013.01.08 09:20:01 | 000,210,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar
[2013.01.06 07:00:31 | 000,000,413 | ---- | C] () -- C:\wakeuptoken.info
[2013.01.04 18:21:38 | 000,155,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf
[2013.01.04 18:20:21 | 001,391,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg
[2013.01.04 18:18:00 | 021,081,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd
[2012.12.30 09:03:15 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2052111302-1935655697-725345543-1003-0.dat
[2012.12.25 20:02:24 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2012.12.25 19:59:02 | 024,442,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe
[2012.12.18 13:31:38 | 000,001,522 | ---- | C] () -- C:\Dokumente und 
Einstellungen\All Users\Desktop\iTunes.lnk [2012.10.12 16:02:04 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.recently-used.xbel [2012.10.12 15:55:19 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.gtk-bookmarks [2012.07.18 09:42:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2012.06.04 19:01:44 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe [2012.06.04 19:01:44 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys [2012.06.04 19:01:43 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys [2012.05.06 23:52:32 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.02.15 06:44:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe [2011.11.29 20:13:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.11.29 20:13:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.11.29 20:13:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.11.29 20:13:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.11.29 20:13:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.11.29 20:13:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.11.29 20:13:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.11.29 20:13:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.11.29 20:13:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011.11.29 20:13:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011.11.29 20:13:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.11.29 20:13:48 | 000,020,148 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern2.dat [2011.11.29 20:13:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.11.29 20:13:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.11.29 20:13:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.11.28 12:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI [2011.11.28 11:54:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL [2011.11.28 11:54:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI [2011.11.28 11:53:54 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2011.11.08 13:42:11 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.07.15 13:12:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.04.25 13:49:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe [2011.04.23 19:10:51 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2011.04.23 19:10:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe [2011.04.23 19:10:51 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2011.03.11 20:21:43 | 
000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.03.11 20:21:40 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.03.11 20:21:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.03.11 20:16:14 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.03.11 18:39:38 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.03.01 13:57:58 | 000,000,201 | ---- | C] () -- C:\WINDOWS\OPLB.INI [2011.03.01 13:57:26 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT [2011.02.24 17:22:07 | 000,109,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.28 11:07:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_XP.INI [2010.12.29 17:57:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.12.19 10:48:10 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\winsys.lng [2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\krc6utae.usf [2009.06.17 11:40:28 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2009.05.27 13:01:49 | 000,069,632 | ---- | C] () -- C:\Programme\system.mdw [2009.05.09 20:22:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\$_hpcst$.hpc [2009.03.03 23:35:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.03.03 12:24:57 | 000,061,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.03.03 15:01:26 | 000,000,227 | RHS- | M] () -- 
C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,778,688 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 479 bytes -> C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png:com.dropbox.attributes @Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84 < End of report > ![]() Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 07:41:07
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HD502IJ rev.1AA01112 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Rose\LOKALE~1\Temp\kgrorpow.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB1D223C0, 0x95B7EA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xACB24300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAE77F300, 0x1BEE, 0xE8000020]
? system32\DRIVERS\5926726drv.sys Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 2.0 ----
.text D:\Programme\OO Software\Defrag\oodag.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00401340 D:\Programme\OO Software\Defrag\oodag.exe (O&O Defrag Free Edition Agent (Win32)/O&O Software GmbH)
.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[1964] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 00450055 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] USER32.dll!AlignRects 7E362A78 4 Bytes [70, 11, 34, 6C] {JO 0x13; XOR AL, 0x6c}
.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3348] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 004508F9 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0150ED80 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01855505 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018554E2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015253B7 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01855463 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.0 ----
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 000301D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00030240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 000302B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00030320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00BD0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00BD08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00BD0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00BD09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00BD0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 00030550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 000305C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00030630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 000306A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00BD0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00BD0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00BD0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00BD0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00BD0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00BD0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00BD0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 000307F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00030860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 000308D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00030940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 000309B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00BD0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00BD0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7C9E05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7C9E0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00030A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00030A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7C9E0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7C9E07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7C9E08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7C9E09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00030CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00030D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7C9E0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00030DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00030E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00BE0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00BE0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00BE0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00BE0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00BE0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00BE04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00BE0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9D0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9D06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9D0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00BE05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9D08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9D0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9D0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00BE0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00BE07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00BE08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00BE0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00BE09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00BE0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00BE0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00BE0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9D0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00BE0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00BE0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00BE0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00BE0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00BE0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00BE0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00BE0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7C9D0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00BE0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00BF0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00BF0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BF00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BF0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BF01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BF0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00BF02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BF0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BF0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00BF0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 7C9D0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BF0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7C9D0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C00A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7C9D02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7C9D0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00C104E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00C10550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00C105C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00C10A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00C10A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00C10B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00C10B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00C10BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00C10C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00C10CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00C10D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7C9E0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7C9E0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
---- Modules - GMER 2.0 ----
Module _________ B79A0000-B79B8000 (98304 bytes)
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 96
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iakcjfdcohfglejhif 0x69 0x61 0x6D 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@haecpblmnmlkmfmh 0x6A 0x61 0x67 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iagfbebkddiiekdloc 0x63 0x61 0x6E 0x6C ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 2.0 ----
|
| | #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Is this by any chance an office/company PC? Or a university computer? Quote:
__________________ |
| | #3 |
| Hello,
no, it's my PC at home. I picked up the Professional version cheaply on eBay back in 2008. |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Why aren't you responding to my question about CF? And where, please, is the log from it?!
__________________ Please always post log files in CODE tags |
| | #5 |
| Unfortunately I don't have the log, because I aborted after about 3 hours. I had once used ComboFix on my notebook, which also had a Trojan on it at the time. I thought it might help in this case too |
| | #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
TuneUp is a great problem-creation scheme. I really wouldn't be surprised if you have botched your system with it....
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you haven't heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I have a life outside the Trojaner-Board too.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper
__________________ |
| | #7 |
| Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.14.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rose :: WORKSTATION [administrator]
14.01.2013 18:32:37
mbar-log-2013-01-14 (18-32-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28995
Time elapsed: 3 hour(s), 55 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\CROSSRIDER|215AppVerifier (Adware.GamePlayLab) -> Data: eaf6a80a3b8ee1ad3cc7d8d7a1be420f -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit MBR Infection) -> Delete on reboot.
(end)
Last edited by terpentin80 (14.01.2013 at 18:53) |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
| | #9 |
| aswMBR.exe: after 6 hours the computer froze. I'm now letting TDSSKiller run, if that's all right? Code:
13:04:51.0031 3936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:04:51.0281 3936 ============================================================
13:04:51.0281 3936 Current date / time: 2013/01/15 13:04:51.0281
13:04:51.0281 3936 SystemInfo:
13:04:51.0281 3936
13:04:51.0281 3936 OS Version: 5.1.2600 ServicePack: 3.0
13:04:51.0281 3936 Product type: Workstation
13:04:51.0281 3936 ComputerName: WORKSTATION
13:04:51.0281 3936 UserName: Rose
13:04:51.0281 3936 Windows directory: C:\WINDOWS
13:04:51.0281 3936 System windows directory: C:\WINDOWS
13:04:51.0281 3936 Processor architecture: Intel x86
13:04:51.0281 3936 Number of processors: 2
13:04:51.0281 3936 Page size: 0x1000
13:04:51.0281 3936 Boot type: Normal boot
13:04:51.0281 3936 ============================================================
13:04:57.0765 3936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:04:57.0812 3936 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:04:57.0875 3936 ============================================================
13:04:57.0875 3936 \Device\Harddisk0\DR0:
13:04:57.0937 3936 MBR partitions:
13:04:57.0953 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1368192C
13:04:57.0953 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x136819AA, BlocksNum 0x26CFF3D6
13:04:57.0968 3936 \Device\Harddisk1\DR1:
13:04:57.0968 3936 MBR partitions:
13:04:57.0968 3936 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D32A402
13:04:57.0968 3936 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1D32A800, BlocksNum 0x1D05A800
13:04:57.0968 3936 ============================================================
13:04:58.0015 3936 D: <-> \Device\Harddisk0\DR0\Partition2
13:04:58.0093 3936 E: <-> \Device\Harddisk1\DR1\Partition1
13:04:58.0250 3936 C: <-> \Device\Harddisk0\DR0\Partition1
13:04:58.0546 3936 G: <-> \Device\Harddisk1\DR1\Partition2
13:04:58.0562 3936 ============================================================
13:04:58.0562 3936 Initialize success
13:04:58.0562 3936 ============================================================
13:06:33.0828 2248 ============================================================
13:06:33.0828 2248 Scan started
13:06:33.0828 2248 Mode: Manual; SigCheck; TDLFS;
13:06:33.0828 2248 ============================================================
13:06:36.0515 2248 ================ Scan system memory ========================
13:06:36.0515 2248 System memory - ok
13:06:36.0515 2248 ================ Scan services =============================
13:06:37.0750 2248 [ 1F61CACACB521215F39061789147968C ] a347bus C:\WINDOWS\system32\DRIVERS\a347bus.sys
13:06:42.0171 2248 a347bus ( UnsignedFile.Multi.Generic ) - warning
13:06:42.0171 2248 a347bus - detected UnsignedFile.Multi.Generic (1)
13:06:42.0203 2248 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi C:\WINDOWS\system32\Drivers\a347scsi.sys
13:06:42.0281 2248 a347scsi ( UnsignedFile.Multi.Generic ) - warning
13:06:42.0281 2248 a347scsi - detected UnsignedFile.Multi.Generic (1)
13:06:42.0296 2248 Abiosdsk - ok
13:06:42.0296 2248 abp480n5 - ok
13:06:42.0468 2248 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:06:49.0953 2248 ACPI - ok
13:06:50.0609 2248 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:06:50.0953 2248 ACPIEC - ok
13:06:51.0515 2248 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
13:06:51.0718 2248 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:06:51.0718 2248 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:06:51.0953 2248 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:06:52.0250 2248 AdobeFlashPlayerUpdateSvc - ok
13:06:52.0265 2248 adpu160m - ok
13:06:52.0406 2248 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:06:52.0828 2248 aec - ok
13:06:52.0890 2248 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:06:52.0953 2248 AegisP ( UnsignedFile.Multi.Generic ) - warning
13:06:52.0953 2248 AegisP - detected UnsignedFile.Multi.Generic (1)
13:06:53.0125 2248 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:06:53.0328 2248 AFD - ok
13:06:53.0328 2248 Aha154x - ok
13:06:53.0343 2248 aic78u2 - ok
13:06:53.0343 2248 aic78xx - ok
13:06:57.0578 2248 [ 8A8909FDD548D84A3E02E04F699EE705 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:07:30.0562 2248 ALCXWDM - ok
13:07:30.0640 2248 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:07:31.0015 2248 Alerter - ok
13:07:31.0078 2248 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
13:07:31.0234 2248 ALG - ok
13:07:31.0234 2248 AliIde - ok
13:07:33.0171 2248 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:07:35.0500 2248 Ambfilt - ok
13:07:35.0500 2248 amsint - ok
13:07:36.0328 2248 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:07:36.0328 2248 Apple Mobile Device - ok
13:07:36.0546 2248 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:07:36.0906 2248 AppMgmt - ok
13:07:37.0062 2248 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:07:37.0453 2248 Arp1394 - ok
13:07:37.0468 2248 asc - ok
13:07:37.0484 2248 asc3350p - ok
13:07:37.0500 2248 asc3550 - ok
13:07:37.0906 2248 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:07:38.0031 2248 aspnet_state - ok
13:07:38.0125 2248 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:07:38.0468 2248 AsyncMac - ok
13:07:38.0593 2248 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:07:38.0609 2248 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9F3A2F5AA6875C72BF062C712CFA2674
13:07:38.0609 2248 atapi ( LockedFile.Multi.Generic ) - warning
13:07:38.0609 2248 atapi - detected LockedFile.Multi.Generic (1)
13:07:38.0609 2248 Atdisk - ok
13:07:38.0890 2248 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
13:07:38.0921 2248 atksgt - ok
13:07:39.0015 2248 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:07:39.0312 2248 Atmarpc - ok
13:07:39.0437 2248 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:07:39.0671 2248 AudioSrv - ok
13:07:39.0828 2248 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:07:40.0062 2248 audstub - ok
13:07:40.0156 2248 [ DEC96D9A2463B75944869041ED15C31C ] AVMCOWAN C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
13:07:40.0203 2248 AVMCOWAN ( UnsignedFile.Multi.Generic ) - warning
13:07:40.0203 2248 AVMCOWAN - detected UnsignedFile.Multi.Generic (1)
13:07:40.0265 2248 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:07:40.0671 2248 Beep - ok
13:07:40.0984 2248 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
13:07:41.0281 2248 BITS - ok
13:07:41.0593 2248 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
13:07:41.0796 2248 Bonjour Service - ok
13:07:41.0843 2248 Brother XP spl Service - ok
13:07:41.0968 2248 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
13:07:43.0109 2248 Browser - ok
13:07:43.0265 2248 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
13:07:43.0437 2248 BrScnUsb - ok
13:07:43.0515 2248 CamDrL - ok
13:07:43.0703 2248 catchme - ok
13:07:43.0765 2248 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:07:44.0031 2248 cbidf2k - ok
13:07:44.0125 2248 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:07:44.0531 2248 CCDECODE - ok
13:07:44.0546 2248 cd20xrnt - ok
13:07:44.0640 2248 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:07:45.0046 2248 Cdaudio - ok
13:07:45.0125 2248 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:07:45.0312 2248 Cdfs - ok
13:07:45.0390 2248 [ 9008AD94F28360A2F1409592BFC7ACF7 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
13:07:45.0406 2248 cdrbsdrv - ok
13:07:45.0500 2248 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:07:45.0671 2248 Cdrom - ok
13:07:45.0687 2248 Changer - ok
13:07:45.0906 2248 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:07:46.0171 2248 CiSvc - ok
13:07:46.0265 2248 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:07:46.0546 2248 ClipSrv - ok
13:07:46.0625 2248 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:07:46.0859 2248 clr_optimization_v2.0.50727_32 - ok
13:07:47.0093 2248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:07:47.0125 2248 clr_optimization_v4.0.30319_32 - ok
13:07:47.0125 2248 CM1083264 - ok
13:07:47.0140 2248 CmdIde - ok
13:07:47.0140 2248 COMSysApp - ok
13:07:47.0156 2248 Cpqarray - ok
13:07:47.0218 2248 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:07:47.0546 2248 CryptSvc - ok
13:07:47.0546 2248 dac2w2k - ok
13:07:47.0562 2248 dac960nt - ok
13:07:47.0859 2248 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:07:48.0656 2248 DcomLaunch - ok
13:07:48.0859 2248 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:07:49.0093 2248 Dhcp - ok
13:07:49.0234 2248 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:07:49.0562 2248 Disk - ok
13:07:49.0625 2248 dmadmin - ok
13:07:50.0281 2248 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:07:51.0906 2248 dmboot - ok
13:07:52.0062 2248 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:07:52.0343 2248 dmio - ok
13:07:52.0390 2248 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:07:52.0531 2248 dmload - ok
13:07:52.0703 2248 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:07:52.0843 2248 dmserver - ok
13:07:52.0921 2248 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:07:53.0046 2248 DMusic - ok
13:07:53.0453 2248 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:07:55.0000 2248 Dnscache - ok
13:07:55.0312 2248 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:07:55.0640 2248 Dot3svc - ok
13:07:55.0656 2248 dpti2o - ok
13:07:55.0750 2248 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:07:55.0937 2248 drmkaud - ok
13:07:55.0953 2248 EagleNT - ok
13:07:56.0046 2248 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:07:56.0203 2248 EapHost - ok
13:07:56.0281 2248 ekrn - ok
13:07:56.0390 2248 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
13:07:56.0671 2248 EL90XBC - ok
13:07:56.0796 2248 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:07:56.0968 2248 ERSvc - ok
13:07:57.0140 2248 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
13:07:57.0187 2248 Eventlog - ok
13:07:57.0390 2248 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
13:07:57.0453 2248 EventSystem - ok
13:07:57.0609 2248 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:07:57.0890 2248 Fastfat - ok
13:07:58.0109 2248 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:07:58.0359 2248 FastUserSwitchingCompatibility - ok
13:07:58.0406 2248 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:07:58.0625 2248 Fdc - ok
13:07:58.0687 2248 [ 093913A016845FE257ED9B7FC8E28ED8 ] FileDisk C:\WINDOWS\system32\drivers\FileDisk.sys
13:07:58.0750 2248 FileDisk ( UnsignedFile.Multi.Generic ) - warning
13:07:58.0750 2248 FileDisk - detected UnsignedFile.Multi.Generic (1)
13:07:58.0812 2248 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:07:59.0093 2248 Fips - ok
13:07:59.0156 2248 FLEXnet Licensing Service - ok
13:07:59.0218 2248 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:07:59.0578 2248 Flpydisk - ok
13:07:59.0703 2248 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:08:00.0781 2248 FltMgr - ok
13:08:01.0015 2248 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:08:01.0203 2248 FontCache3.0.0.0 - ok
13:08:01.0296 2248 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
13:08:01.0421 2248 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:08:01.0421 2248 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:08:01.0500 2248 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:08:01.0750 2248 Fs_Rec - ok
13:08:01.0906 2248 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:08:02.0234 2248 Ftdisk - ok
13:08:02.0828 2248 [ F15435ABC8F7F36699085019425B7828 ] FXUSBASE C:\WINDOWS\system32\DRIVERS\fxusbase.sys
13:08:03.0203 2248 FXUSBASE ( UnsignedFile.Multi.Generic ) - warning
13:08:03.0203 2248 FXUSBASE - detected UnsignedFile.Multi.Generic (1)
13:08:03.0296 2248 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:08:03.0312 2248 GEARAspiWDM - ok
13:08:03.0375 2248 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys
13:08:03.0468 2248 ggflt - ok
13:08:03.0546 2248 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys
13:08:03.0609 2248 ggsemc - ok
13:08:03.0703 2248 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
13:08:03.0796 2248 giveio ( UnsignedFile.Multi.Generic ) - warning
13:08:03.0796 2248 giveio - detected UnsignedFile.Multi.Generic (1)
13:08:03.0843 2248 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:08:04.0234 2248 Gpc - ok
13:08:04.0375 2248 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9a181923fe288 C:\Programme\Google\Update\GoogleUpdate.exe
13:08:04.0390 2248 gupdate1c9a181923fe288 - ok
13:08:04.0531 2248 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
13:08:04.0593 2248 gupdatem - ok
13:08:04.0734 2248 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:08:04.0890 2248 HDAudBus - ok
13:08:05.0218 2248 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:08:05.0453 2248 helpsvc - ok
13:08:05.0546 2248 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
13:08:05.0750 2248 HidServ - ok
13:08:06.0000 2248 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:08:06.0671 2248 hidusb - ok
13:08:06.0812 2248 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:08:07.0125 2248 hkmsvc - ok
13:08:07.0125 2248 hpn - ok
13:08:07.0359 2248 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:08:07.0500 2248 HTTP - ok
13:08:07.0593 2248 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:08:08.0000 2248 HTTPFilter - ok
13:08:08.0031 2248 hwdatacard - ok
13:08:08.0078 2248 i2omgmt - ok
13:08:08.0093 2248 i2omp - ok
13:08:08.0187 2248 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:08:08.0437 2248 i8042prt - ok
13:08:08.0625 2248 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:08:08.0781 2248 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:08:08.0781 2248 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:08:09.0687 2248 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:08:11.0312 2248 idsvc - ok
13:08:11.0375 2248 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:08:11.0562 2248 Imapi - ok
13:08:11.0703 2248 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
13:08:12.0234 2248 ImapiService - ok
13:08:12.0234 2248 ini910u - ok
13:08:16.0531 2248 [ 988A112C4061F309CE9C1ABFC971D001 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:08:21.0687 2248 IntcAzAudAddService - ok
13:08:21.0687 2248 IntelIde - ok
13:08:21.0796 2248 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:08:22.0031 2248 Ip6Fw - ok
13:08:22.0109 2248 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:08:22.0312 2248 IpFilterDriver - ok
13:08:22.0375 2248 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:08:22.0640 2248 IpInIp - ok
13:08:22.0828 2248 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:08:23.0171 2248 IpNat - ok
13:08:23.0687 2248 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Programme\iPod\bin\iPodService.exe
13:08:23.0890 2248 iPod Service - ok
13:08:23.0984 2248 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:08:24.0187 2248 IPSec - ok
13:08:24.0218 2248 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:08:24.0406 2248 IRENUM - ok
13:08:24.0453 2248 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:08:25.0156 2248 isapnp - ok
13:08:25.0218 2248 [ 8F1BA487B35F0C8F637E05113AA815F8 ] itchfltr C:\WINDOWS\system32\DRIVERS\itchfltr.sys
13:08:25.0343 2248 itchfltr - ok
13:08:25.0609 2248 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
13:08:25.0625 2248 JavaQuickStarterService - ok
13:08:25.0625 2248 jjrd - ok
13:08:25.0718 2248 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:08:26.0140 2248 Kbdclass - ok
13:08:26.0234 2248 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:08:26.0562 2248 kbdhid - ok
13:08:26.0718 2248 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:08:27.0140 2248 kmixer - ok
13:08:27.0171 2248 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\WINDOWS\system32\srvany.exe
13:08:27.0218 2248 KMService ( UnsignedFile.Multi.Generic ) - warning
13:08:27.0218 2248 KMService - detected UnsignedFile.Multi.Generic (1)
13:08:27.0328 2248 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:08:27.0937 2248 KSecDD - ok
13:08:28.0000 2248 [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:08:28.0015 2248 L8042Kbd - ok
13:08:28.0109 2248 [ 8A5993705ADD14352C9A279FA8338334 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
13:08:28.0125 2248 L8042mou - ok
13:08:28.0218 2248 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:08:28.0453 2248 lanmanserver - ok
13:08:28.0593 2248 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:08:28.0812 2248 lanmanworkstation - ok
13:08:28.0859 2248 [ 8F4D784B3F22F468EEA99DA02B0E39E5 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
13:08:28.0875 2248 LBeepKE - ok
13:08:28.0875 2248 lbrtfdc - ok
13:08:29.0109 2248 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
13:08:29.0234 2248 LBTServ - ok
13:08:29.0359 2248 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
13:08:29.0421 2248 LHidFilt - ok
13:08:29.0453 2248 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
13:08:29.0468 2248 lirsgt - ok
13:08:29.0546 2248 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:08:30.0109 2248 LmHosts - ok
13:08:30.0218 2248 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
13:08:30.0265 2248 LMouFilt - ok
13:08:30.0359 2248 [ 9837E55673818ECD8FEBB47F7F77521A ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
13:08:30.0375 2248 LMouKE - ok
13:08:30.0453 2248 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
13:08:30.0531 2248 LUsbFilt - ok
13:08:30.0562 2248 LVUSBSta - ok
13:08:30.0562 2248 M9207 - ok
13:08:30.0609 2248 massfilter - ok
13:08:30.0687 2248 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
13:08:30.0703 2248 MBAMProtector - ok
13:08:31.0000 2248 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:08:31.0281 2248 MBAMScheduler - ok
13:08:31.0734 2248 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
13:08:32.0156 2248 MBAMService - ok
13:08:32.0484 2248 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
13:08:32.0703 2248 MDM ( UnsignedFile.Multi.Generic ) - warning
13:08:32.0703 2248 MDM - detected UnsignedFile.Multi.Generic (1)
13:08:32.0796 2248 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:08:33.0593 2248 Messenger - ok
13:08:33.0750 2248 [ 8143E6203E5765ED9F7E6DAE57CEC8D3 ] MHIKEY10 C:\WINDOWS\system32\Drivers\MHIKEY10.sys
13:08:33.0890 2248 MHIKEY10 - ok
13:08:34.0109 2248 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
13:08:34.0203 2248 Microsoft Office Groove Audit Service - ok
13:08:34.0296 2248 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:08:34.0468 2248 mnmdd - ok
13:08:34.0546 2248 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:08:35.0078 2248 mnmsrvc - ok
13:08:35.0187 2248 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:08:35.0875 2248 Modem - ok
13:08:36.0671 2248 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:08:38.0421 2248 Monfilt - ok
13:08:38.0515 2248 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:08:39.0062 2248 Mouclass - ok
13:08:39.0093 2248 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:08:39.0890 2248 mouhid - ok
13:08:39.0968 2248 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:08:40.0171 2248 MountMgr - ok
13:08:40.0312 2248 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:08:40.0421 2248 MozillaMaintenance - ok
13:08:40.0500 2248 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
13:08:41.0156 2248 MPE - ok
13:08:41.0171 2248 mraid35x - ok
13:08:41.0296 2248 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:08:41.0828 2248 MRxDAV - ok
13:08:42.0140 2248 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:08:42.0718 2248 MRxSmb - ok
13:08:42.0781 2248 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:08:43.0171 2248 MSDTC - ok
13:08:43.0234 2248 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:08:43.0421 2248 Msfs - ok
13:08:43.0421 2248 MSIServer - ok
13:08:43.0562 2248 MSI_MSIBIOS_010507 - ok
13:08:43.0625 2248 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:08:44.0828 2248 MSKSSRV - ok
13:08:44.0921 2248 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:08:45.0015 2248 MSPCLOCK - ok
13:08:45.0031 2248 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:08:45.0171 2248 MSPQM - ok
13:08:45.0265 2248 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:08:45.0375 2248 mssmbios - ok
13:08:45.0406 2248 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:08:45.0859 2248 MSTEE - ok
13:08:46.0015 2248 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:08:46.0203 2248 Mup - ok
13:08:46.0359 2248 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:08:46.0843 2248 NABTSFEC - ok
13:08:47.0046 2248 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
13:08:47.0890 2248 napagent - ok
13:08:48.0000 2248 [ 4A2B254AA2D3E375D478EE4C90FBE235 ] Navcar C:\WINDOWS\system32\DRIVERS\Navcar.sys
13:08:48.0078 2248 Navcar ( UnsignedFile.Multi.Generic ) - warning
13:08:48.0078 2248 Navcar - detected UnsignedFile.Multi.Generic (1)
13:08:48.0187 2248 NBService - ok
13:08:48.0328 2248 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:08:48.0953 2248 NDIS - ok
13:08:49.0046 2248 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:08:49.0296 2248 NdisIP - ok
13:08:49.0375 2248 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:08:49.0500 2248 NdisTapi - ok
13:08:49.0593 2248 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:08:50.0265 2248 Ndisuio - ok
13:08:50.0328 2248 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:08:51.0031 2248 NdisWan - ok
13:08:51.0109 2248 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:08:51.0281 2248 NDProxy - ok
13:08:51.0421 2248 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
13:08:52.0250 2248 Netaapl - ok
13:08:52.0343 2248 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:08:52.0890 2248 NetBIOS - ok
13:08:53.0031 2248 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:08:53.0265 2248 NetBT - ok
13:08:53.0390 2248 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
13:08:53.0968 2248 NetDDE - ok
13:08:54.0062 2248 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:08:54.0203 2248 NetDDEdsdm - ok
13:08:54.0281 2248 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:08:54.0656 2248 Netlogon - ok
13:08:54.0812 2248 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
13:08:55.0187 2248 Netman - ok
13:08:55.0312 2248 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:08:55.0781 2248 NetTcpPortSharing - ok
13:08:55.0859 2248 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:08:56.0203 2248 NIC1394 - ok
13:08:56.0390 2248 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
13:08:56.0437 2248 Nla - ok
13:08:56.0484 2248 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:08:56.0937 2248 Npfs - ok
13:08:57.0312 2248 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:08:58.0171 2248 Ntfs - ok
13:08:58.0171 2248 NTIOLib_1_0_4 - ok
13:08:58.0234 2248 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:08:58.0328 2248 NtLmSsp - ok
13:08:58.0609 2248 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:08:59.0203 2248 NtmsSvc - ok
13:08:59.0234 2248 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:08:59.0390 2248 Null - ok
13:09:08.0125 2248 [ 062C16F3364C7706713282163586988E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:09:25.0531 2248 nv - ok
13:09:25.0640 2248 [ 8EB410A64C86D51007687EE00BC2F912 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
13:09:25.0656 2248 NVHDA - ok
13:09:25.0796 2248 [ B2F5AC506C9B1103827B62BA18A2C514 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
13:09:26.0406 2248 nvsvc - ok
13:09:27.0843 2248 [ 844A25C9E3076EDEF2B12E0BEDED755D ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:09:30.0734 2248 nvUpdatusService - ok
13:09:30.0796 2248 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:09:31.0265 2248 NwlnkFlt - ok
13:09:31.0281 2248 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:09:31.0437 2248 NwlnkFwd - ok
13:09:31.0859 2248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
13:09:32.0312 2248 odserv - ok
13:09:32.0421 2248 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:09:32.0750 2248 ohci1394 - ok
13:09:34.0265 2248 [ A696D9A45009FB110922FB1A53002FAC ] OODefragAgent D:\Programme\OO Software\Defrag\oodag.exe
13:09:35.0703 2248 OODefragAgent - ok
13:09:35.0859 2248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
13:09:36.0437 2248 ose - ok
13:09:36.0562 2248 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:09:37.0250 2248 Parport - ok
13:09:37.0312 2248 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:09:37.0718 2248 PartMgr - ok
13:09:37.0781 2248 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:09:38.0281 2248 ParVdm - ok
13:09:38.0343 2248 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:09:38.0468 2248 pccsmcfd - ok
13:09:38.0609 2248 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:09:39.0109 2248 PCI - ok
13:09:39.0140 2248 PCIDump - ok
13:09:39.0187 2248 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:09:39.0328 2248 PCIIde - ok
13:09:39.0437 2248 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:09:39.0640 2248 Pcmcia - ok
13:09:39.0906 2248 [ 07D9D16537B6969F2BBE00485F10D5BA ] PCTCore C:\WINDOWS\system32\drivers\PCTCore.sys
13:09:40.0343 2248 PCTCore - ok
13:09:40.0562 2248 [ 3C9FD593E95B98C642B4486CD122C2FB ] pctDS C:\WINDOWS\system32\drivers\pctDS.sys
13:09:40.0968 2248 pctDS - ok
13:09:41.0515 2248 [ DB6B6E47165B9647B215CEEB4DB33B87 ] pctEFA C:\WINDOWS\system32\drivers\pctEFA.sys
13:09:42.0625 2248 pctEFA - ok
13:09:42.0906 2248 [ AE500FF14A222636CD10D346C37A52C4 ] pctgntdi C:\WINDOWS\system32\drivers\pctgntdi.sys
13:09:42.0921 2248 pctgntdi - ok
13:09:43.0015 2248 [ 53CE0E9078360553FAB0BFFF1C1ECF4F ] pctplsm C:\WINDOWS\system32\drivers\pctplsm.sys
13:09:43.0031 2248 pctplsm - ok
13:09:43.0218 2248 [ 9A073A09F22C63247964B946F04CB8A4 ] PCTSD C:\WINDOWS\system32\Drivers\PCTSD.sys
13:09:43.0234 2248 PCTSD - ok
13:09:43.0250 2248 PDCOMP - ok
13:09:43.0250 2248 PDFRAME - ok
13:09:43.0265 2248 PDRELI - ok
13:09:43.0265 2248 PDRFRAME - ok
13:09:43.0265 2248 pepifilter - ok
13:09:43.0265 2248 perc2 - ok
13:09:43.0281 2248 perc2hib - ok
13:09:43.0296 2248 PID_08A0 - ok
13:09:43.0390 2248 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
13:09:43.0453 2248 PlugPlay - ok
13:09:43.0468 2248 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:09:44.0125 2248 PolicyAgent - ok
13:09:44.0265 2248 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:09:44.0875 2248 PptpMiniport - ok
13:09:44.0953 2248 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:09:45.0265 2248 Processor - ok
13:09:45.0312 2248 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:09:45.0406 2248 ProtectedStorage - ok
13:09:45.0468 2248 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:09:46.0187 2248 PSched - ok
13:09:46.0234 2248 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:09:46.0500 2248 Ptilink - ok
13:09:46.0562 2248 [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
13:09:46.0609 2248 pwdrvio - ok
13:09:46.0656 2248 [ BC60895CE021309EBD887D2F22055654 ] pwdspio C:\WINDOWS\system32\pwdspio.sys
13:09:46.0843 2248 pwdspio - ok
13:09:46.0953 2248 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:09:47.0109 2248 PxHelp20 - ok
13:09:47.0125 2248 ql1080 - ok
13:09:47.0171 2248 Ql10wnt - ok
13:09:47.0171 2248 ql12160 - ok
13:09:47.0218 2248 ql1240 - ok
13:09:47.0234 2248 ql1280 - ok
13:09:47.0328 2248 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:09:47.0484 2248 RasAcd - ok
13:09:47.0609 2248 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:09:47.0906 2248 RasAuto - ok
13:09:48.0000 2248 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:09:48.0281 2248 Rasl2tp - ok
13:09:48.0453 2248 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:09:48.0593 2248 RasMan - ok
13:09:48.0625 2248 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:09:49.0109 2248 RasPppoe - ok
13:09:49.0156 2248 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:09:49.0328 2248 Raspti - ok
13:09:49.0468 2248 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:09:50.0000 2248 Rdbss - ok
13:09:50.0062 2248 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:09:50.0312 2248 RDPCDD - ok
13:09:50.0437 2248 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:09:51.0015 2248 rdpdr - ok
13:09:51.0171 2248 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:09:51.0812 2248 RDPWD - ok
13:09:51.0968 2248 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:09:52.0328 2248 RDSessMgr - ok
13:09:52.0390 2248 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:09:52.0859 2248 redbook - ok
13:09:52.0953 2248 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:09:53.0281 2248 RemoteAccess - ok
13:09:53.0375 2248 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:09:53.0937 2248 RemoteRegistry - ok
13:09:53.0984 2248 RimUsb - ok
13:09:54.0078 2248 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
13:09:54.0218 2248 RimVSerPort - ok
13:09:54.0265 2248 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
13:09:54.0890 2248 ROOTMODEM - ok
13:09:54.0984 2248 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:09:55.0296 2248 RpcLocator - ok
13:09:55.0562 2248 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:09:55.0796 2248 RpcSs - ok
13:09:55.0906 2248 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:09:56.0281 2248 RSVP - ok
13:09:56.0453 2248 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:09:56.0468 2248 RTLE8023xp - ok
13:09:56.0656 2248 [ 395F8A964B7412DE019AAEFE95C9637C ] RTLWUSB C:\WINDOWS\system32\DRIVERS\RTL8187.sys
13:09:56.0843 2248 RTLWUSB ( UnsignedFile.Multi.Generic ) - warning
13:09:56.0843 2248 RTLWUSB - detected UnsignedFile.Multi.Generic (1)
13:09:57.0031 2248 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\WINDOWS\system32\DRIVERS\s0016bus.sys
13:09:57.0656 2248 s0016bus - ok
13:09:57.0718 2248 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
13:09:57.0750 2248 s0016mdfl - ok
13:09:57.0875 2248 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
13:09:57.0984 2248 s0016mdm - ok
13:09:58.0093 2248 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
13:09:58.0187 2248 s0016mgmt - ok
13:09:58.0203 2248 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
13:09:58.0343 2248 s0016nd5 - ok
13:09:58.0468 2248 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\WINDOWS\system32\DRIVERS\s0016obex.sys
13:09:58.0562 2248 s0016obex - ok
13:09:58.0656 2248 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\WINDOWS\system32\DRIVERS\s0016unic.sys
13:09:58.0734 2248 s0016unic - ok
13:09:58.0828 2248 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\WINDOWS\system32\DRIVERS\s0017bus.sys
13:09:58.0984 2248 s0017bus - ok
13:09:59.0093 2248 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
13:09:59.0125 2248 s0017mdfl - ok
13:09:59.0218 2248 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
13:09:59.0328 2248 s0017mdm - ok
13:09:59.0484 2248 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
13:09:59.0671 2248 s0017mgmt - ok
13:09:59.0734 2248 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
13:09:59.0765 2248 s0017nd5 - ok
13:09:59.0859 2248 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex C:\WINDOWS\system32\DRIVERS\s0017obex.sys
13:10:00.0015 2248 s0017obex - ok
13:10:00.0140 2248 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic C:\WINDOWS\system32\DRIVERS\s0017unic.sys
13:10:00.0218 2248 s0017unic - ok
13:10:00.0281 2248 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
13:10:00.0687 2248 SamSs - ok
13:10:00.0781 2248 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:10:01.0343 2248 SCardSvr - ok
13:10:01.0515 2248 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:10:02.0031 2248 Schedule - ok
13:10:02.0515 2248 [ AE88672774DF12BEDF76768E52D23424 ] sdAuxService C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
13:10:03.0593 2248 sdAuxService - ok
13:10:04.0296 2248 [ 5FC31ADB3B47E00349B92E57117D2C07 ] sdCoreService C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
13:10:05.0093 2248 sdCoreService - ok
13:10:05.0187 2248 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:10:05.0328 2248 Secdrv - ok
13:10:05.0375 2248 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
13:10:05.0531 2248 seclogon - ok
13:10:05.0625 2248 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys
13:10:05.0734 2248 seehcri - ok
13:10:05.0765 2248 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
13:10:06.0234 2248 SENS - ok
13:10:06.0296 2248 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:10:06.0453 2248 serenum - ok
13:10:06.0562 2248 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:10:06.0734 2248 Serial - ok
13:10:06.0875 2248 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:10:07.0281 2248 Sfloppy - ok
13:10:07.0500 2248 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:10:07.0781 2248 SharedAccess - ok
13:10:07.0890 2248 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:10:07.0937 2248 ShellHWDetection - ok
13:10:07.0937 2248 Simbad - ok
13:10:07.0953 2248 SjyPkt - ok
13:10:08.0156 2248 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate D:\Programme\Skype\Updater\Updater.exe
13:10:08.0171 2248 SkypeUpdate - ok
13:10:08.0250 2248 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:10:09.0140 2248 SLIP - ok
13:10:09.0265 2248 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:10:09.0921 2248 SONYPVU1 - ok
13:10:09.0921 2248 Sparrow - ok
13:10:09.0984 2248 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:10:10.0328 2248 splitter - ok
13:10:10.0453 2248 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:10:10.0578 2248 Spooler - ok
13:10:10.0656 2248 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:10:11.0328 2248 sr - ok
13:10:11.0500 2248 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
13:10:11.0703 2248 srservice - ok
13:10:11.0953 2248 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:10:12.0437 2248 Srv - ok
13:10:12.0500 2248 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:10:12.0953 2248 SSDPSRV - ok
13:10:13.0000 2248 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
13:10:13.0015 2248 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:10:13.0015 2248 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:10:13.0234 2248 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:10:13.0796 2248 stisvc - ok
13:10:13.0921 2248 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:10:14.0640 2248 streamip - ok
13:10:14.0640 2248 SVKP - ok
13:10:14.0750 2248 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:10:15.0296 2248 swenum - ok
13:10:15.0375 2248 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:10:15.0515 2248 swmidi - ok
13:10:15.0531 2248 SwPrv - ok
13:10:15.0531 2248 symc810 - ok
13:10:15.0546 2248 symc8xx - ok
13:10:15.0546 2248 sym_hi - ok
13:10:15.0546 2248 sym_u3 - ok
13:10:15.0671 2248 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:10:16.0125 2248 sysaudio - ok
13:10:16.0234 2248 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:10:16.0515 2248 SysmonLog - ok
13:10:16.0718 2248 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:10:16.0859 2248 TapiSrv - ok
13:10:17.0125 2248 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:10:17.0562 2248 Tcpip - ok
13:10:17.0609 2248 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:10:17.0968 2248 TDPIPE - ok
13:10:18.0031 2248 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:10:18.0312 2248 TDTCP - ok
13:10:18.0359 2248 TeamViewer4 - ok
13:10:20.0359 2248 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
13:10:22.0468 2248 TeamViewer8 - ok
13:10:22.0546 2248 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:10:23.0000 2248 TermDD - ok
13:10:23.0250 2248 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
13:10:23.0390 2248 TermService - ok
13:10:23.0500 2248 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:10:23.0515 2248 Themes - ok
13:10:23.0625 2248 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:10:24.0031 2248 TlntSvr - ok
13:10:24.0062 2248 TosIde - ok
13:10:24.0203 2248 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:10:24.0750 2248 TrkWks - ok
13:10:25.0000 2248 [ AA241431B3AF27B0CAAC25B313AB5121 ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
13:10:26.0109 2248 TuneUp.Defrag - ok
13:10:26.0203 2248 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:10:26.0390 2248 Udfs - ok
13:10:26.0390 2248 ultra - ok
13:10:26.0796 2248 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:10:27.0281 2248 Update - ok
13:10:27.0421 2248 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:10:27.0625 2248 upnphost - ok
13:10:27.0671 2248 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
13:10:27.0765 2248 UPS - ok
13:10:27.0843 2248 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:10:27.0953 2248 USBAAPL - ok
13:10:28.0031 2248 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:10:28.0218 2248 usbaudio - ok
13:10:28.0265 2248 usbbus - ok
13:10:28.0328 2248 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:10:28.0453 2248 usbccgp - ok
13:10:28.0453 2248 UsbDiag - ok
13:10:28.0515 2248 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:10:28.0640 2248 usbehci - ok
13:10:28.0703 2248 [ E5B14557793164DB879EE56F5B59C3E2 ] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys
13:10:28.0703 2248 usbfilter - ok
13:10:28.0796 2248 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:10:28.0937 2248 usbhub - ok
13:10:28.0968 2248 USBModem - ok
13:10:29.0000 2248 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:10:29.0203 2248 usbohci - ok
13:10:29.0218 2248 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:10:29.0343 2248 usbprint - ok
13:10:29.0437 2248 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:10:29.0609 2248 usbscan - ok
13:10:29.0703 2248 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
13:10:29.0796 2248 usbser - ok
13:10:29.0812 2248 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:10:29.0984 2248 USBSTOR - ok
13:10:30.0890 2248 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:10:31.0640 2248 usb_rndisx - ok
13:10:31.0750 2248 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
13:10:31.0781 2248 UxTuneUp - ok
13:10:31.0843 2248 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:10:32.0000 2248 VgaSave - ok
13:10:32.0015 2248 ViaIde - ok
13:10:32.0265 2248 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:32.0437 2248 VolSnap - ok
13:10:32.0687 2248 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
13:10:33.0015 2248 VSS - ok
13:10:33.0328 2248 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
13:10:33.0437 2248 W32Time - ok
13:10:33.0531 2248 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:33.0750 2248 Wanarp - ok
13:10:33.0843 2248 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:10:34.0000 2248 wceusbsh - ok
13:10:34.0640 2248 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:10:36.0468 2248 Wdf01000 - ok
13:10:36.0468 2248 WDICA - ok
13:10:36.0578 2248 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:36.0859 2248 wdmaud - ok
13:10:36.0968 2248 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:10:37.0218 2248 WebClient - ok
13:10:37.0390 2248 [ 9778519FDD5446A5487ABEC5A5B3D6E0 ] wfxsvc C:\WINDOWS\system32\WFXSVC.EXE
13:10:37.0500 2248 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
13:10:37.0500 2248 wfxsvc - detected UnsignedFile.Multi.Generic (1)
13:10:37.0781 2248 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:10:38.0062 2248 winmgmt - ok
13:10:38.0093 2248 WinUSB - ok
13:10:39.0328 2248 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:10:40.0218 2248 wlidsvc - ok
13:10:40.0296 2248 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:10:40.0421 2248 WmdmPmSN - ok
13:10:40.0828 2248 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:10:41.0406 2248 Wmi - ok
13:10:41.0484 2248 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:10:42.0000 2248 WmiAcpi - ok
13:10:42.0125 2248 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:10:42.0437 2248 WmiApSrv - ok
13:10:43.0093 2248 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
13:10:44.0203 2248 WMPNetworkSvc - ok
13:10:44.0296 2248 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:10:44.0421 2248 WpdUsb - ok
13:10:45.0140 2248 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:10:46.0265 2248 WPFFontCache_v0400 - ok
13:10:46.0343 2248 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:10:47.0593 2248 WS2IFSL - ok
13:10:47.0671 2248 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:10:47.0953 2248 wscsvc - ok
13:10:48.0031 2248 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:48.0421 2248 WSTCODEC - ok
13:10:48.0484 2248 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:10:48.0656 2248 wuauserv - ok
13:10:48.0765 2248 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:10:48.0968 2248 WudfPf - ok
13:10:49.0062 2248 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:10:49.0140 2248 WudfRd - ok
13:10:49.0234 2248 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:10:49.0343 2248 WudfSvc - ok
13:10:49.0640 2248 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:10:50.0046 2248 WZCSVC - ok
13:10:50.0171 2248 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:10:50.0515 2248 xmlprov - ok
13:10:50.0531 2248 ZTEusbmdm6k - ok
13:10:50.0578 2248 ZTEusbnmea - ok
13:10:50.0593 2248 ZTEusbser6k - ok
13:10:50.0734 2248 ================ Scan global ===============================
13:10:50.0828 2248 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
13:10:51.0078 2248 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:10:51.0421 2248 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:10:51.0531 2248 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
13:10:51.0531 2248 [Global] - ok
13:10:51.0531 2248 ================ Scan MBR ==================================
13:10:51.0578 2248 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
13:10:55.0000 2248 \Device\Harddisk0\DR0 - ok
13:10:55.0031 2248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:10:58.0781 2248 \Device\Harddisk1\DR1 - ok
13:10:58.0781 2248 ================ Scan VBR ==================================
13:10:58.0796 2248 [ F4B49CA14A16A9C96697C800FC336A86 ] \Device\Harddisk0\DR0\Partition1
13:10:58.0812 2248 \Device\Harddisk0\DR0\Partition1 - ok
13:10:58.0859 2248 [ F0250F1656BEDED05157AB0E4CA99AED ] \Device\Harddisk0\DR0\Partition2
13:10:58.0875 2248 \Device\Harddisk0\DR0\Partition2 - ok
13:10:58.0906 2248 [ 45CF9AFF53E7DA83ED4E324E2FD4F479 ] \Device\Harddisk1\DR1\Partition1
13:10:58.0937 2248 \Device\Harddisk1\DR1\Partition1 - ok
13:10:58.0937 2248 [ C8BC77798ED7549E1EAEE5B16D92E5D3 ] \Device\Harddisk1\DR1\Partition2
13:10:58.0953 2248 \Device\Harddisk1\DR1\Partition2 - ok
13:10:58.0953 2248 ============================================================
13:10:58.0953 2248 Scan finished
13:10:58.0953 2248 ============================================================
13:10:59.0156 2992 Detected object count: 17
13:10:59.0156 2992 Actual detected object count: 17
13:11:20.0906 2992 a347bus ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0906 2992 a347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0906 2992 a347scsi ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0906 2992 a347scsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0921 2992 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0921 2992 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0921 2992 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0921 2992 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0921 2992 atapi ( LockedFile.Multi.Generic ) - skipped by user
13:11:20.0921 2992 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
13:11:20.0921 2992 AVMCOWAN ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0921 2992 AVMCOWAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 FileDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 FXUSBASE ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 FXUSBASE ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 KMService ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 Navcar ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 Navcar ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 RTLWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 RTLWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:20.0937 2992 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:20.0937 2992 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:39.0625 3020 Deinitialize success
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tell me, from which source did you get Office 2010? Where did you obtain it? Or did someone install it for you?
__________________ Please always post log files in CODE tags |
| | #11 |
| Hello, I don't have Office 2010 but 2007, and I bought it legally at a Berlet store. aswMBR.exe: error and bluescreen with the quick scan as well :-( |
| | #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote: |
| | #13 |
| No idea. I only have Office 2007. It may be that I once had a trial version; that was all a long time ago. I have now installed Windows on the second disk so that I can at least use the computer again. What do I do now? Wipe that Windows installation? |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hm, OK. What about aswMBR? There was a specific note about it for the case of a crash! |
| | #15 |
| The quick scan has now run through and was finished after 4 hours. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-16 14:20:37
-----------------------------
14:20:37.781 OS Version: Windows 5.1.2600 Service Pack 3
14:20:37.781 Number of processors: 2 586 0x603
14:20:37.781 ComputerName: WORKSTATION UserName: Rose
14:22:06.625 Initialize success
14:26:08.984 AVAST engine defs: 13011600
14:26:55.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:26:55.000 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01112 Size: 476940MB BusType: 3
14:26:55.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:26:55.015 Disk 1 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
14:26:55.031 Device \Driver\atapi -> MajorFunction 8b162210
14:26:55.046 Disk 0 MBR read successfully
14:26:55.062 Disk 0 MBR scan
14:26:55.687 Disk 0 Windows XP default MBR code
14:26:55.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 158979 MB offset 63
14:26:56.843 Disk 0 Partition - 00 0F Extended LBA 317950 MB offset 325589355
14:26:57.031 Disk 0 scanning sectors +976752000
14:26:57.609 Disk 0 scanning C:\WINDOWS\system32\drivers
14:29:09.281 Service scanning
14:29:32.781 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32
14:31:21.625 Modules scanning
14:32:12.906 Disk 0 trace - called modules:
14:32:12.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8b162210]<<
14:32:12.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b70dab8]
14:32:12.953 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> [0x8b70ee50]
14:32:12.953 5 PCTCore.sys[b7dfcefb] -> nt!IofCallDriver -> \Device\00000088[0x8b7b4700]
14:32:12.953 7 ACPI.sys[b7f36620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b721d98]
14:32:12.953 \Driver\atapi[0x8b724f38] -> IRP_MJ_CREATE -> 0x8b162210
14:32:21.312 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
14:32:21.312 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR.txt"
14:32:25.734 AVAST engine scan C:\WINDOWS
14:33:27.234 AVAST engine scan C:\WINDOWS\system32
14:37:11.031 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
14:37:11.031 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR2.txt"
14:41:14.000 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
14:41:14.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR3.txt"
14:55:42.406 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
14:55:42.406 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR.txt"
15:22:47.703 AVAST engine scan C:\WINDOWS\system32\drivers
15:25:24.640 AVAST engine scan C:\Dokumente und Einstellungen\Rose
17:56:13.343 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:00:10.531 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
18:00:10.578 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR.txt"
18:04:51.734 Scan finished successfully
18:05:36.375 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\MBR.dat"
18:05:36.375 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Rose\Desktop\aswMBR.txt"
|