| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pum disabledWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.01.2013, 22:21
| #1 |
 |  Pum disabled Hallo ihr Helfer, versuche grade den PC meiner Frau zu retten und fange mir selber einen Trojaner ein... Ich hoffe, dass es eine schnelle Lösung für das Übel gibt und ich nicht auch noch diesen Rechner komplett neu instalieren muss... Wäre lieb, wenn mir da jemand helfen kann. Hier kommen Mbam,OTL+Extra,Gmer : |
|
27.01.2013, 01:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Pum disabled Hallo und
__________________ Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
28.01.2013, 10:05
| #3 |
| | Pum disabled Wenn Du auf Thema starten gehst und der Text mit den Gmer,OTL,Extra zu groß ist, erscheint der Hinweis "Logs bitte als Archiv an den Beitrag anhängen.
__________________Von der Möglichkeit die Du hier beschreibst, lese ich zum ersten Mal...und kommt die selbe Meldung(s.o.) Also für jeden Log eine extra Antwort?? MalwareText Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.26.08 Windows XP Service Pack 2 x86 NTFS Internet Explorer 6.0.2900.2180 FUJITSU-SIEMENS :: FUJITSU-5E160D1 [Administrator] Schutz: Aktiviert 26.01.2013 17:11:13 MBAM-log-2013-01-26 (17-25-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211592 Laufzeit: 12 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 26.01.2013 17:52:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 139,28 Mb Available Physical Memory | 13,61% Memory free 2,40 Gb Paging File | 1,46 Gb Available in Paging File | 60,62% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 11,19 Gb Free Space | 15,01% Space Free | Partition Type: NTFS Computer Name: FUJITSU-5E160D1 | User Name: FUJITSU-SIEMENS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.26 17:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\OTL.exe PRC - [2013.01.21 11:02:36 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.28 20:12:44 | 000,013,824 | ---- | M] (Smartbar) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe PRC - [2012.05.21 08:15:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011.07.04 08:41:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 09:19:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.10 12:14:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.16 14:16:35 | 002,229,632 | ---- | M] () -- C:\Programme\GMX\LiveUpdate\m2LUTray.exe PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe PRC - [2008.04.23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe PRC - [2007.08.10 20:44:58 | 000,765,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\b76443b8c3e363672b10791338cc85db\update\update.exe PRC - [2007.06.11 15:48:56 | 000,126,976 | ---- | M] (AccSys GmbH) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe PRC - [2005.08.12 10:09:32 | 000,552,960 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe PRC - [2005.06.21 14:09:58 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.04.06 15:53:06 | 003,502,080 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 15:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 15:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe PRC - [2004.08.25 11:00:00 | 000,538,112 | ---- | M] (Mirko Böer) -- C:\Programme\0190 Warner\Warn0190.exe PRC - [2004.08.25 11:00:00 | 000,113,152 | ---- | M] (Mirko Böer) -- C:\Programme\0190 Warner\w0svc.exe PRC - [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002.07.23 10:02:28 | 000,233,472 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\NkView5\NkvMon.exe PRC - [2002.01.05 10:22:14 | 001,748,992 | ---- | M] () -- C:\ScanPanel\ScnPanel.exe PRC - [1998.04.15 09:59:46 | 000,082,944 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe ========== Modules (No Company Name) ========== MOD - [2013.01.25 09:58:35 | 000,911,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2013.01.25 09:58:29 | 008,013,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2013.01.25 09:58:27 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2013.01.21 11:02:34 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.01.11 10:48:15 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.11.28 20:12:42 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2012.11.28 20:12:42 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2012.11.28 20:12:40 | 001,431,552 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2012.11.28 20:12:40 | 000,007,680 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2012.11.28 20:12:38 | 000,559,104 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2012.11.28 20:12:38 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2012.11.28 20:12:36 | 000,073,216 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2012.11.28 20:12:36 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll MOD - [2012.11.28 20:12:36 | 000,013,824 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2012.11.28 20:12:34 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2012.11.28 20:10:44 | 000,041,472 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll MOD - [2012.11.28 20:10:44 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll MOD - [2012.11.28 20:10:44 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2012.11.28 20:10:42 | 000,062,976 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2012.11.28 20:10:42 | 000,012,800 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2012.11.28 20:10:42 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2012.11.28 20:10:42 | 000,009,728 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2012.11.28 20:09:12 | 000,074,752 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2012.11.28 20:09:12 | 000,007,168 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2012.11.28 20:09:12 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2012.11.28 20:09:10 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\MACTrackBarLib.dll MOD - [2010.06.23 21:01:46 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.06.23 21:01:35 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2010.06.23 21:01:26 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.06.21 19:52:42 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll MOD - [2010.06.21 19:52:07 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll MOD - [2010.06.21 19:51:49 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll MOD - [2010.06.21 19:50:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll MOD - [2010.06.13 12:18:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll MOD - [2010.06.13 12:18:18 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll MOD - [2010.06.13 12:17:44 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll MOD - [2010.06.13 12:16:59 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll MOD - [2010.06.13 12:14:16 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.01.10 21:59:10 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll MOD - [2010.01.09 21:29:54 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll MOD - [2009.12.26 20:19:41 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.12.26 20:19:40 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.10.16 14:16:35 | 002,229,632 | ---- | M] () -- C:\Programme\GMX\LiveUpdate\m2LUTray.exe MOD - [2008.04.14 07:52:26 | 000,438,272 | ---- | M] () -- C:\WINDOWS\SoftwareDistribution\Download\b76443b8c3e363672b10791338cc85db\update\spcompat.dll MOD - [2006.01.12 20:20:48 | 001,265,664 | ---- | M] () -- C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\adistres.DEU MOD - [2006.01.12 20:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.DEU MOD - [2006.01.12 20:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.FRA MOD - [2005.08.12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll MOD - [2005.08.12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56ger.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56fra.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll MOD - [2005.08.12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll MOD - [2005.08.12 10:09:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll MOD - [2005.04.06 15:53:12 | 001,019,904 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll MOD - [2005.04.06 15:53:10 | 000,434,255 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll MOD - [2005.04.06 15:53:10 | 000,053,364 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll MOD - [2005.04.06 15:53:08 | 000,057,455 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\net.dll MOD - [2005.04.06 15:53:08 | 000,057,453 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll MOD - [2005.04.06 15:53:06 | 003,502,080 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe MOD - [2005.04.06 15:53:06 | 000,102,515 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\java.dll MOD - [2005.04.06 15:53:02 | 000,032,880 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll MOD - [2005.04.06 15:52:58 | 000,028,791 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll MOD - [2004.08.04 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2002.01.05 10:22:14 | 001,748,992 | ---- | M] () -- C:\ScanPanel\ScnPanel.exe MOD - [1997.06.02 23:16:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\system32\sh33w32.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.01.21 11:02:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.11 10:48:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.07.04 08:41:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 09:19:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.05.24 21:48:30 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Start_Pending] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007.06.11 15:48:56 | 000,126,976 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe -- (accvssvc) SRV - [2005.04.06 15:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) SRV - [2004.08.25 11:00:00 | 000,113,152 | ---- | M] (Mirko Böer) [Auto | Running] -- C:\Programme\0190 Warner\w0svc.exe -- (0190_0900_Warner_MonitorService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Unknown] -- C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\mc21.tmp -- (mchInjDrv) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.04 08:41:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 08:41:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.06.05 14:37:14 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006.07.30 21:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2005.09.12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.08.12 10:16:30 | 000,845,356 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005.08.09 21:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.07.13 16:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2005.03.04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.01.07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2002.04.17 19:27:02 | 000,011,264 | R--- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gmx.net IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "GMX Suche" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.amway.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: helperbar%40helperbar.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/suchbox/gmxsuche?su=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 08:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.21 11:02:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.25 22:19:26 | 000,000,000 | ---D | M] [2008.08.27 14:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Extensions [2013.01.26 16:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions [2012.11.30 08:29:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.04.27 20:32:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.26 16:29:46 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions\helperbar@helperbar.com [2013.01.19 20:51:56 | 000,538,938 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions\toolbar@web.de.xpi [2013.01.19 20:52:45 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\11-suche.xml [2010.01.24 21:33:47 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\1und1-suche.xml [2010.01.24 21:33:46 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\amazonde.xml [2013.01.19 20:52:46 | 000,002,273 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\englische-ergebnisse.xml [2013.01.19 20:52:45 | 000,010,563 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\gmx-suche.xml [2013.01.19 20:52:46 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\lastminute.xml [2013.01.19 20:52:45 | 000,005,545 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\webde-suche.xml [2009.07.03 10:16:56 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\winamp-search.xml [2013.01.21 11:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.21 11:02:36 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.21 08:15:57 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll [2012.02.08 09:42:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.04 08:21:06 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.08 09:42:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 09:42:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 09:42:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 09:42:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml Code:
ATTFilter OTL Extras logfile created on: 26.01.2013 17:52:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 139,28 Mb Available Physical Memory | 13,61% Memory free
2,40 Gb Paging File | 1,46 Gb Available in Paging File | 60,62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 11,19 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Computer Name: FUJITSU-5E160D1 | User Name: FUJITSU-SIEMENS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" ()
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [${PROGRAM_NAME_}] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\Macromedia\Fireworks MX\Fireworks.exe" = C:\Programme\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
"C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Programme\Pinnacle\Studio 12\Programs\RM.exe" = C:\Programme\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Programme\Pinnacle\Studio 12\Programs\umi.exe" = C:\Programme\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{601F42A9-8B4F-4650-A472-4CA8325E3E87}" = D6100
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}" = DSL Connection Manager
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90190407-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 5
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1845647-AAD6-4126-9335-4922BA3B0423}" = QuickShare
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D181A318-28DF-4B83-8F13-24C2D0BDA12D}" = Garmin POI Loader
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (deu)
"{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0190Warner" = 0190 Warner 4.03
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"Budenberg_is1" = Budenberg Software Mehrplatz 10/06 WIN
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"Clean 4.01" = Clean 4.01
"Corel Uninstaller" = Corel Uninstaller
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"GENEUIDE" = USB Storage Driver
"GMX Update" = GMX Update
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"LabelEditor" = LabelEditor
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 9 deluxe D" = MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"OVT Scanner" = Uninstall OVT Scanner
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 15.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SuperAlbum" = SuperAlbum
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WaveLab Lite" = WaveLab Lite
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.12.2012 09:15:43 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e47a85.
Error - 31.12.2012 05:53:37 | Computer Name = FUJITSU-5E160D1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 17.0.1.4715, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.01.2013 15:40:57 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e35130.
Error - 05.01.2013 14:46:38 | Computer Name = FUJITSU-5E160D1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Photoshop.exe, Version 9.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.01.2013 04:51:24 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e35fc0.
Error - 11.01.2013 04:26:43 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e34f17.
Error - 11.01.2013 04:41:49 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nkvbrows.exe, Version 5.1.3.3004, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x003d01d1.
Error - 15.01.2013 15:19:27 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e47b16.
Error - 16.01.2013 06:29:25 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e498b9.
Error - 26.01.2013 06:50:12 | Computer Name = FUJITSU-5E160D1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hpqste08.exe, Version 70.0.170.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e34a8f.
< End of report >
Geändert von LeGaston (28.01.2013 um 10:13 Uhr) |
|
28.01.2013, 10:20
| #4 |
| | Pum disabled Gmer Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-26 21:41:58
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH rev.00000025 74,53GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\ffxdiaow.sys
---- System - GMER 2.0 ----
SSDT F7F4423C ZwClose
SSDT F7F441F6 ZwCreateKey
SSDT F7F44246 ZwCreateSection
SSDT F7F441EC ZwCreateThread
SSDT F7F441FB ZwDeleteKey
SSDT F7F44205 ZwDeleteValueKey
SSDT F7F44237 ZwDuplicateObject
SSDT F7F4420A ZwLoadKey
SSDT F7F441D8 ZwOpenProcess
SSDT F7F441DD ZwOpenThread
SSDT F7F44214 ZwReplaceKey
SSDT F7F4420F ZwRestoreKey
SSDT F7F4424B ZwSetContextThread
SSDT F7F44200 ZwSetValueKey
SSDT F7F441E7 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
? C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\mc21.tmp Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 2.0 ----
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [37, 5F] {AAA ; POP EDI}
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F2A0F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F240F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F1E0F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F300F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F270F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F330F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F2D0F5A
.text C:\PROGRA~1\0190WA~1\WARN0190.EXE[116] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F210F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe[168] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe[348] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[448] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [29, 5F]
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F160F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F100F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F220F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F190F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F250F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Messenger\msmsgs.exe[480] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F130F5A
.text C:\Programme\Messenger\msmsgs.exe[480] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F070F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\HP\HP Software Update\HPWuSchd2.exe[576] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[596] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[656] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\csrss.exe[736] KERNEL32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [38, 5F]
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe[1436] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[1444] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[1496] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1500] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1572] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F070F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Nikon\NkView5\NkvMon.exe[1584] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1672] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\program files\real\realplayer\update\realsched.exe[1732] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
|
|
28.01.2013, 11:07
| #5 |
| | Pum disabled So nun noch OTL Teil 2 und GMER Teil 2 Sorry Code:
ATTFilter O1 HOSTS File: ([2010.01.11 16:06:35 | 000,371,903 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12818 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [0190 Warner] C:\Programme\0190 Warner\Warn0190.exe (Mirko Böer)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file://C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Eigene Dateien\Eigene Videos\diashows\components\hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file://C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Eigene Dateien\Eigene Videos\diashows\components\A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file://C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Eigene Dateien\Eigene Videos\diashows\components\wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF3ADBD5-F120-46AD-B30D-F06025253AB9}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.29 09:49:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e9d7858-b692-11de-a813-00166f1da035}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.26 17:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\OTL.exe
[2013.01.26 17:08:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Malwarebytes
[2013.01.26 17:08:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.26 17:08:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.26 17:08:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.26 17:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.25 22:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Eigene Dateien\0190 Warner
[2013.01.25 10:59:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.01.25 09:58:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar
[2013.01.25 09:57:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\OpenCandy
[2013.01.21 16:17:48 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.21 11:01:52 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.21 09:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.26 18:06:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 17:57:20 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\OTL.exe
[2013.01.26 17:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.26 17:08:27 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 16:09:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-790525478-839522115-1004.job
[2013.01.26 16:09:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.26 16:09:00 | 000,001,081 | ---- | M] () -- C:\WINDOWS\ScnPanel.ini
[2013.01.26 16:08:56 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_FUJITSU-SIEMENS.job
[2013.01.26 16:08:55 | 000,002,343 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2013.01.26 16:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.26 16:08:43 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 23:10:03 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_FUJITSU-SIEMENS.job
[2013.01.25 10:43:01 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.01.25 08:58:13 | 000,001,068 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.01.25 08:57:22 | 000,001,080 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\Dropbox.lnk
[2013.01.24 23:12:03 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_FUJITSU-SIEMENS.job
[2013.01.24 17:56:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.23 09:20:30 | 000,261,280 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\braunschweig termine.pdf
[2013.01.23 09:04:46 | 000,053,272 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\wklnhst.dat
[2013.01.21 16:35:38 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\7z920.exe
[2013.01.21 16:18:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.21 15:58:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.01.21 09:32:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.30 16:36:28 | 000,011,589 | ---- | M] () -- C:\WINDOWS\Dusb4ar.ini
[2012.12.30 16:36:28 | 000,002,677 | ---- | M] () -- C:\WINDOWS\Ausba4.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.26 17:57:16 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:08:27 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 09:20:30 | 000,261,280 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\braunschweig termine.pdf
[2013.01.21 16:35:38 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\7z920.exe
[2012.12.30 14:46:29 | 000,001,068 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Startmenü\Programme\Autostart\Dropbox.lnk
[2011.05.31 17:26:57 | 000,382,986 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.04.09 20:03:12 | 000,010,231 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\nettwork_elster_2048.pfx
[2007.12.03 22:49:39 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.03 20:09:37 | 000,053,272 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\wklnhst.dat
[2006.08.29 10:23:52 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2006.08.29 10:23:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 16:35:16 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008.07.24 20:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys
[2009.12.01 13:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2010.01.03 13:09:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2012.06.30 21:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2010.01.24 21:20:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2010.01.30 22:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.06.01 09:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MyPoiWorld
[2011.04.11 11:10:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2011.04.11 11:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Plus
[2011.04.11 11:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate
[2011.12.25 10:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2011.04.11 11:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Studio 12
[2011.04.04 13:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.01.24 21:25:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A2AFE646-BFB3-4901-8981-D88877D59264}
[2010.01.24 21:26:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6}
[2010.02.28 20:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\AmwayPricelist
[2010.01.03 13:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Canon
[2013.01.26 16:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox
[2012.06.30 21:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\elsterformular
[2011.05.31 14:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\GARMIN
[2006.09.24 19:21:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\InterVideo
[2010.01.25 12:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\MAGIX
[2006.09.16 17:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Nikon
[2013.01.25 09:57:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\OpenCandy
[2008.09.05 09:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Opera
[2012.05.20 19:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Oracle
[2011.12.25 10:53:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\RavensburgerTipToi
[2006.09.25 19:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Steinberg
[2007.02.03 20:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Template
========== Purity Check ==========
< End of report >
Code:
ATTFilter .text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1832] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\0190WA~1\w0svc.exe[1892] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe[1904] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!??2@YAPAXI@Z 77BF9CC5 5 Bytes JMP 0A90D480 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!??3@YAXPAX@Z 77BF9CDD 5 Bytes JMP 0A90D2D0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77BF9D9F 5 Bytes JMP 0A90D500 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_aligned_offset_malloc 77BF9DAF 5 Bytes JMP 0A90D3E0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_aligned_free 77BF9E33 5 Bytes JMP 0A90D2D0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_aligned_malloc 77BF9E52 5 Bytes JMP 0A90D3C0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_aligned_offset_realloc 77BF9E6E 5 Bytes JMP 0A90D420 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_aligned_realloc 77BF9FC6 5 Bytes JMP 0A90D400 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_expand 77BF9FE5 5 Bytes JMP 0A90D3A0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapadd 77BFBC9F 5 Bytes JMP 0A90D550 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapchk 77BFBCB3 5 Bytes JMP 0A90D560 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapset + 1 77BFBD83 4 Bytes JMP 0A90D581 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapmin 77BFBD8C 5 Bytes JMP 0A90D650 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapused 77BFBE3A 5 Bytes JMP 0A90D620 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_heapwalk 77BFBE4D 5 Bytes JMP 0A90D590 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!_msize 77BFBF6C 5 Bytes JMP 0A90D2E0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!calloc 77BFC0C3 5 Bytes JMP 0A90D270 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!free 77BFC21B 5 Bytes JMP 0A90D2D0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!malloc 77BFC407 5 Bytes JMP 0A90D230 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1924] msvcrt.dll!realloc 77BFC437 5 Bytes JMP 0A90D2B0 C:\Programme\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe[2032] KERNEL32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe[2084] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F280F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe[2160] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[2348] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\ScanPanel\ScnPanel.exe[2468] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2780] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\alg.exe[2784] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F0A0F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [29, 5F]
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F1C0F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F160F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0D0F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F100F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F220F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F190F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F250F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1F0F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F130F5A
.text C:\Programme\GMX\LiveUpdate\m2LUTray.exe[2872] wininet.dll!InternetDial 771C2D72 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Dropbox\bin\Dropbox.exe[2904] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2912] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [28, 5F]
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F210F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F240F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1E0F5A
.text C:\WINDOWS\sm56hlpr.exe[3120] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!??2@YAPAXI@Z 77BF9CC5 5 Bytes JMP 0A93B250 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!??3@YAXPAX@Z 77BF9CDD 5 Bytes JMP 0A93B2A0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77BF9D9F 5 Bytes JMP 0A93B2C0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_expand 77BF9FE5 5 Bytes JMP 0A93B230 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapadd 77BFBC9F 5 Bytes JMP 0A93B310 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapchk 77BFBCB3 5 Bytes JMP 0A93B320 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapset + 1 77BFBD83 4 Bytes JMP 0A93B351 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapmin 77BFBD8C 5 Bytes JMP 0A93B420 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapused 77BFBE3A 5 Bytes JMP 0A93B3F0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_heapwalk 77BFBE4D 5 Bytes JMP 0A93B360 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!_msize 77BFBF6C 5 Bytes JMP 0A93B180 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!calloc 77BFC0C3 5 Bytes JMP 0A93B110 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!free 77BFC21B 5 Bytes JMP 0A93B170 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!malloc 77BFC407 5 Bytes JMP 0A93B0D0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[3144] msvcrt.dll!realloc 77BFC437 5 Bytes JMP 0A93B150 C:\WINDOWS\system32\SH33W32.dll
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [29, 5F]
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F160F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F100F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F220F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F190F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F250F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F130F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[3316] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3364] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3508] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\gmer-2.0.18444.exe[3680] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe[3756] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F280F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F040F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F070F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileWithProgressW 7C81F73E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 2 Bytes [26, 5F] {POP EDI}
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 5F190F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5F130F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 5F160F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileWithProgressA 7C835EF6 6 Bytes JMP 5F220F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 5F1C0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5F100F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3936] WININET.dll!InternetDial 771C2D72 6 Bytes JMP 5F370F5A
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 64
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 41
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 2.0 ----
|
|
28.01.2013, 12:13
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pum disabledZitat:
XP mit SP2 und IE6 ist ein Stand von vor fast zehn Jahren!  Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ --> Pum disabled |
|
28.01.2013, 17:10
| #7 |
| | Pum disabled Bei Avira bin ich noch fündig geworden. Stand von vor 10 Jahren? So lange hab ich die Kiste noch gar nicht...http://www.trojaner-board.de/images/smilies/pfeiff.gif Code:
ATTFilter
Typ: Datei
Quelle: C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\nircmd.exe
Status: Infiziert
Quarantäne-Objekt: 5366fd2d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.10.238
Virendefinitionsdatei: 7.11.58.228
Meldung: Enthält Erkennungsmuster der Anwendung APPL/NirCmd.2
Datum/Uhrzeit: 28.01.2013, 16:59
Typ: Datei
Quelle: C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\67b70a94-77554337
Status: Infiziert
Quarantäne-Objekt: 5594ca9b.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.48.144
Meldung: Enthält Erkennungsmuster des Exploits EXP/2010-0840.Q
Datum/Uhrzeit: 01.11.2012, 13:40
Typ: Datei
Quelle: E:\autorun.inf
Status: Infiziert
Quarantäne-Objekt: 4bdc5b51.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.01.156
Virendefinitionsdatei: 7.10.03.168
Meldung: Ist das Trojanische Pferd TR/VB.aqt.58
Datum/Uhrzeit: 02.02.2010, 18:03
Typ: Datei
Quelle: E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
Status: Infiziert
Quarantäne-Objekt: 4b965b4a.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.01.156
Virendefinitionsdatei: 7.10.03.168
Meldung: Ist das Trojanische Pferd TR/Agent.mswp.94
Datum/Uhrzeit: 02.02.2010, 18:03
Typ: Datei
Quelle: E:\Recycled\ctfmon.exe
Status: Infiziert
Quarantäne-Objekt: 4bce5b50.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.01.156
Virendefinitionsdatei: 7.10.03.168
Meldung: Ist das Trojanische Pferd TR/VB.AQT
Datum/Uhrzeit: 02.02.2010, 18:03
|
|
28.01.2013, 17:13
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pum disabledZitat:
Es geht um das Patchlevel von Windows XP, SP2/IE6 ist ein Stand auf dem Windows XP vor zehn Jahren aktuell war! 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.01.2013, 15:44
| #9 |
| | Pum disabled Hier kommt schon mal aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-29 15:23:18
-----------------------------
15:23:18.093 OS Version: Windows 5.1.2600 Service Pack 2
15:23:18.093 Number of processors: 1 586 0xD08
15:23:18.109 ComputerName: FUJITSU-5E160D1 UserName: FUJITSU-SIEMENS
15:23:24.000 Initialize success
15:23:36.140 AVAST engine download error: 0
15:23:41.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:23:41.859 Disk 0 Vendor: FUJITSU_MHV2080BH 00000025 Size: 76319MB BusType: 3
15:23:41.906 Disk 0 MBR read successfully
15:23:41.906 Disk 0 MBR scan
15:23:41.906 Disk 0 Windows XP default MBR code
15:23:41.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
15:23:41.921 Disk 0 scanning sectors +156280320
15:23:42.015 Disk 0 scanning C:\WINDOWS\system32\drivers
15:24:06.015 Service scanning
15:24:45.953 Modules scanning
15:25:16.484 Disk 0 trace - called modules:
15:25:16.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:25:16.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86784ab8]
15:25:16.859 3 CLASSPNP.SYS[f788f05b] -> nt!IofCallDriver -> \Device\00000067[0x867e2158]
15:25:16.859 5 ACPI.sys[f77e4620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8675ed98]
15:25:16.859 Scan finished successfully
15:28:39.171 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\MBR.dat"
15:28:39.171 The log file has been saved successfully to "C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\aswMBR.txt"
Code:
ATTFilter 16:00:56.0203 4028 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:00:56.0375 4028 ============================================================
16:00:56.0375 4028 Current date / time: 2013/01/29 16:00:56.0375
16:00:56.0375 4028 SystemInfo:
16:00:56.0375 4028
16:00:56.0375 4028 OS Version: 5.1.2600 ServicePack: 2.0
16:00:56.0375 4028 Product type: Workstation
16:00:56.0375 4028 ComputerName: FUJITSU-5E160D1
16:00:56.0375 4028 UserName: FUJITSU-SIEMENS
16:00:56.0375 4028 Windows directory: C:\WINDOWS
16:00:56.0375 4028 System windows directory: C:\WINDOWS
16:00:56.0375 4028 Processor architecture: Intel x86
16:00:56.0375 4028 Number of processors: 1
16:00:56.0375 4028 Page size: 0x1000
16:00:56.0375 4028 Boot type: Normal boot
16:00:56.0375 4028 ============================================================
16:00:58.0203 4028 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:00:58.0234 4028 ============================================================
16:00:58.0234 4028 \Device\Harddisk0\DR0:
16:00:58.0265 4028 MBR partitions:
16:00:58.0265 4028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
16:00:58.0265 4028 ============================================================
16:00:58.0296 4028 C: <-> \Device\Harddisk0\DR0\Partition1
16:00:58.0296 4028 ============================================================
16:00:58.0296 4028 Initialize success
16:00:58.0296 4028 ============================================================
16:01:25.0515 3144 ============================================================
16:01:25.0515 3144 Scan started
16:01:25.0515 3144 Mode: Manual; SigCheck; TDLFS;
16:01:25.0515 3144 ============================================================
16:01:27.0078 3144 ================ Scan system memory ========================
16:01:27.0093 3144 System memory - ok
16:01:27.0093 3144 ================ Scan services =============================
16:01:27.0234 3144 [ FA37437F9708605E35A15E3073700FA9 ] 0190_0900_Warner_MonitorService C:\PROGRA~1\0190WA~1\w0svc.exe
16:01:27.0343 3144 0190_0900_Warner_MonitorService ( UnsignedFile.Multi.Generic ) - warning
16:01:27.0343 3144 0190_0900_Warner_MonitorService - detected UnsignedFile.Multi.Generic (1)
16:01:27.0437 3144 Abiosdsk - ok
16:01:27.0453 3144 abp480n5 - ok
16:01:27.0531 3144 [ 582D30BFCA778872655136018DE00572 ] accvssvc C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
16:01:27.0593 3144 accvssvc ( UnsignedFile.Multi.Generic ) - warning
16:01:27.0593 3144 accvssvc - detected UnsignedFile.Multi.Generic (1)
16:01:27.0640 3144 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:01:29.0093 3144 ACPI - ok
16:01:29.0140 3144 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:01:29.0296 3144 ACPIEC - ok
16:01:29.0328 3144 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
16:01:29.0343 3144 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0343 3144 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
16:01:29.0484 3144 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
16:01:29.0515 3144 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
16:01:29.0515 3144 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
16:01:29.0625 3144 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:01:29.0640 3144 AdobeFlashPlayerUpdateSvc - ok
16:01:29.0640 3144 adpu160m - ok
16:01:29.0718 3144 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:01:29.0906 3144 aec - ok
16:01:29.0968 3144 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:01:30.0015 3144 AFD - ok
16:01:30.0015 3144 Aha154x - ok
16:01:30.0031 3144 aic78u2 - ok
16:01:30.0031 3144 aic78xx - ok
16:01:30.0062 3144 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:01:30.0218 3144 Alerter - ok
16:01:30.0250 3144 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe
16:01:30.0343 3144 ALG - ok
16:01:30.0359 3144 AliIde - ok
16:01:30.0359 3144 amsint - ok
16:01:30.0453 3144 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
16:01:30.0468 3144 AntiVirSchedulerService - ok
16:01:30.0531 3144 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:01:30.0546 3144 AntiVirService - ok
16:01:30.0703 3144 [ 1FC8A7E5C3AED31F00940C6AB2FD9B49 ] APL531 C:\WINDOWS\system32\Drivers\ov550i.sys
16:01:30.0781 3144 APL531 ( UnsignedFile.Multi.Generic ) - warning
16:01:30.0781 3144 APL531 - detected UnsignedFile.Multi.Generic (1)
16:01:30.0781 3144 AppMgmt - ok
16:01:30.0796 3144 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:01:30.0968 3144 Arp1394 - ok
16:01:31.0000 3144 [ 875F9079CABEE679D34B49E466B61701 ] Asapi C:\WINDOWS\system32\drivers\Asapi.sys
16:01:31.0015 3144 Asapi ( UnsignedFile.Multi.Generic ) - warning
16:01:31.0015 3144 Asapi - detected UnsignedFile.Multi.Generic (1)
16:01:31.0015 3144 asc - ok
16:01:31.0031 3144 asc3350p - ok
16:01:31.0031 3144 asc3550 - ok
16:01:31.0140 3144 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:01:31.0156 3144 aspnet_state - ok
16:01:31.0171 3144 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:01:31.0312 3144 AsyncMac - ok
16:01:31.0343 3144 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:01:31.0500 3144 atapi - ok
16:01:31.0500 3144 Atdisk - ok
16:01:31.0546 3144 [ A2093ED04D20F3ACA0C0D348234C6998 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:01:31.0593 3144 Ati HotKey Poller - ok
16:01:31.0656 3144 [ 99F6DB087497F55D5F8D971F7689F054 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:01:31.0796 3144 ati2mtag - ok
16:01:31.0859 3144 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:01:32.0015 3144 Atmarpc - ok
16:01:32.0031 3144 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:01:32.0187 3144 AudioSrv - ok
16:01:32.0250 3144 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:01:32.0390 3144 audstub - ok
16:01:32.0437 3144 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:01:32.0437 3144 avgio - ok
16:01:32.0484 3144 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:01:32.0500 3144 avgntflt - ok
16:01:32.0515 3144 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:01:32.0515 3144 avipbb - ok
16:01:32.0562 3144 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:01:32.0718 3144 Beep - ok
16:01:32.0765 3144 [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS C:\WINDOWS\system32\qmgr.dll
16:01:33.0000 3144 BITS - ok
16:01:33.0046 3144 [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll
16:01:33.0203 3144 Browser - ok
16:01:33.0250 3144 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:01:33.0390 3144 cbidf2k - ok
16:01:33.0437 3144 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:01:33.0578 3144 CCDECODE - ok
16:01:33.0593 3144 cd20xrnt - ok
16:01:33.0609 3144 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:01:33.0750 3144 Cdaudio - ok
16:01:33.0781 3144 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:01:33.0953 3144 Cdfs - ok
16:01:34.0000 3144 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:01:34.0156 3144 Cdrom - ok
16:01:34.0156 3144 Changer - ok
16:01:34.0171 3144 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:01:34.0328 3144 CiSvc - ok
16:01:34.0343 3144 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:01:34.0500 3144 ClipSrv - ok
16:01:34.0546 3144 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:01:34.0562 3144 clr_optimization_v2.0.50727_32 - ok
16:01:34.0625 3144 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:01:34.0640 3144 clr_optimization_v4.0.30319_32 - ok
16:01:34.0687 3144 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:01:34.0843 3144 CmBatt - ok
16:01:34.0859 3144 CmdIde - ok
16:01:34.0875 3144 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:01:35.0031 3144 Compbatt - ok
16:01:35.0031 3144 COMSysApp - ok
16:01:35.0046 3144 Cpqarray - ok
16:01:35.0093 3144 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:01:35.0265 3144 CryptSvc - ok
16:01:35.0281 3144 dac2w2k - ok
16:01:35.0281 3144 dac960nt - ok
16:01:35.0343 3144 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:01:35.0421 3144 DcomLaunch - ok
16:01:35.0484 3144 [ 69F986B2688BA95A0D9362B0E233D5FF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:01:35.0625 3144 Dhcp - ok
16:01:35.0640 3144 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:35.0828 3144 Disk - ok
16:01:35.0828 3144 dmadmin - ok
16:01:35.0921 3144 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:01:36.0125 3144 dmboot - ok
16:01:36.0156 3144 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:01:36.0312 3144 dmio - ok
16:01:36.0359 3144 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:01:36.0515 3144 dmload - ok
16:01:36.0531 3144 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll
16:01:36.0671 3144 dmserver - ok
16:01:36.0718 3144 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:01:36.0859 3144 DMusic - ok
16:01:36.0921 3144 [ D1F5B71BBAEEE07B78980DBD878C0BC7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:01:37.0078 3144 Dnscache - ok
16:01:37.0078 3144 dpti2o - ok
16:01:37.0109 3144 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:01:37.0265 3144 drmkaud - ok
16:01:37.0312 3144 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:01:37.0453 3144 ERSvc - ok
16:01:37.0500 3144 [ A07CA23EA361A01E627D911CF139B950 ] Eventlog C:\WINDOWS\system32\services.exe
16:01:37.0593 3144 Eventlog - ok
16:01:37.0656 3144 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll
16:01:37.0703 3144 EventSystem - ok
16:01:37.0765 3144 Fabs - ok
16:01:37.0812 3144 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:01:37.0968 3144 Fastfat - ok
16:01:38.0000 3144 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:01:38.0140 3144 FastUserSwitchingCompatibility - ok
16:01:38.0156 3144 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:01:38.0296 3144 Fdc - ok
16:01:38.0343 3144 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:01:38.0500 3144 Fips - ok
16:01:38.0656 3144 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
16:01:38.0921 3144 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:01:38.0921 3144 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:01:38.0953 3144 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:01:39.0093 3144 Flpydisk - ok
16:01:39.0140 3144 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:01:39.0296 3144 FltMgr - ok
16:01:39.0421 3144 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:01:39.0421 3144 FontCache3.0.0.0 - ok
16:01:39.0437 3144 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:01:39.0593 3144 Fs_Rec - ok
16:01:39.0609 3144 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:01:39.0750 3144 Ftdisk - ok
16:01:39.0796 3144 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:01:39.0953 3144 Gpc - ok
16:01:40.0031 3144 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
16:01:40.0046 3144 gupdate - ok
16:01:40.0046 3144 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
16:01:40.0062 3144 gupdatem - ok
16:01:40.0109 3144 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
16:01:40.0125 3144 gusvc - ok
16:01:40.0156 3144 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
16:01:40.0203 3144 HdAudAddService - ok
16:01:40.0250 3144 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:01:40.0281 3144 HDAudBus - ok
16:01:40.0359 3144 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:01:40.0515 3144 helpsvc - ok
16:01:40.0515 3144 HidServ - ok
16:01:40.0562 3144 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:01:40.0859 3144 HidUsb - ok
16:01:40.0859 3144 hpn - ok
16:01:40.0906 3144 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:01:41.0078 3144 HPZid412 - ok
16:01:41.0093 3144 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:01:41.0171 3144 HPZipr12 - ok
16:01:41.0187 3144 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:01:41.0250 3144 HPZius12 - ok
16:01:41.0328 3144 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:01:41.0390 3144 HTTP - ok
16:01:41.0421 3144 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:01:41.0593 3144 HTTPFilter - ok
16:01:41.0593 3144 i2omgmt - ok
16:01:41.0593 3144 i2omp - ok
16:01:41.0640 3144 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:01:41.0796 3144 i8042prt - ok
16:01:41.0921 3144 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:01:42.0000 3144 idsvc - ok
16:01:42.0078 3144 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
16:01:42.0093 3144 IJPLMSVC - ok
16:01:42.0187 3144 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:01:42.0343 3144 Imapi - ok
16:01:42.0375 3144 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe
16:01:42.0531 3144 ImapiService - ok
16:01:42.0531 3144 ini910u - ok
16:01:42.0750 3144 [ 1265393299A72ADA509F5973040BB93F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:01:43.0203 3144 IntcAzAudAddService - ok
16:01:43.0218 3144 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:01:43.0359 3144 IntelIde - ok
16:01:43.0406 3144 [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:01:43.0546 3144 intelppm - ok
16:01:43.0578 3144 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:01:43.0718 3144 Ip6Fw - ok
16:01:43.0781 3144 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:01:43.0906 3144 IpFilterDriver - ok
16:01:43.0937 3144 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:01:44.0062 3144 IpInIp - ok
16:01:44.0078 3144 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:01:44.0437 3144 IpNat - ok
16:01:44.0500 3144 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:01:44.0640 3144 IPSec - ok
16:01:44.0671 3144 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:01:44.0781 3144 IRENUM - ok
16:01:44.0843 3144 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:01:44.0984 3144 isapnp - ok
16:01:45.0015 3144 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:01:45.0156 3144 Kbdclass - ok
16:01:45.0203 3144 [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:01:45.0359 3144 kbdhid - ok
16:01:45.0375 3144 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:01:45.0531 3144 kmixer - ok
16:01:45.0562 3144 [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:01:45.0625 3144 KSecDD - ok
16:01:45.0640 3144 [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:01:46.0218 3144 lanmanserver - ok
16:01:46.0250 3144 [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:01:46.0296 3144 lanmanworkstation - ok
16:01:46.0296 3144 lbrtfdc - ok
16:01:46.0328 3144 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:01:46.0484 3144 LmHosts - ok
16:01:46.0531 3144 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:01:46.0546 3144 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
16:01:46.0546 3144 MarvinBus - detected UnsignedFile.Multi.Generic (1)
16:01:46.0593 3144 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:01:46.0609 3144 MBAMProtector - ok
16:01:46.0671 3144 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:01:46.0687 3144 MBAMScheduler - ok
16:01:46.0781 3144 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:01:46.0828 3144 MBAMService - ok
16:01:47.0000 3144 mchInjDrv - ok
16:01:47.0046 3144 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:01:47.0187 3144 Messenger - ok
16:01:47.0234 3144 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:01:47.0390 3144 mnmdd - ok
16:01:47.0421 3144 [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:01:47.0562 3144 mnmsrvc - ok
16:01:47.0609 3144 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:01:47.0750 3144 Modem - ok
16:01:47.0765 3144 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:01:47.0906 3144 Mouclass - ok
16:01:47.0953 3144 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:01:48.0093 3144 mouhid - ok
16:01:48.0109 3144 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:01:48.0234 3144 MountMgr - ok
16:01:48.0359 3144 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:01:48.0375 3144 MozillaMaintenance - ok
16:01:48.0375 3144 mraid35x - ok
16:01:48.0390 3144 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:01:48.0531 3144 MRxDAV - ok
16:01:48.0593 3144 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:01:48.0640 3144 MRxSmb - ok
16:01:48.0703 3144 [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:01:48.0859 3144 MSDTC - ok
16:01:48.0906 3144 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:01:49.0046 3144 Msfs - ok
16:01:49.0062 3144 MSIServer - ok
16:01:49.0093 3144 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:01:49.0234 3144 MSKSSRV - ok
16:01:49.0250 3144 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:01:49.0375 3144 MSPCLOCK - ok
16:01:49.0375 3144 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:01:49.0531 3144 MSPQM - ok
16:01:49.0578 3144 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:01:49.0718 3144 mssmbios - ok
16:01:49.0781 3144 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:01:49.0921 3144 MSTEE - ok
16:01:49.0953 3144 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:01:50.0093 3144 Mup - ok
16:01:50.0109 3144 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:01:50.0265 3144 NABTSFEC - ok
16:01:50.0390 3144 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:01:50.0546 3144 NDIS - ok
16:01:50.0562 3144 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:01:50.0718 3144 NdisIP - ok
16:01:50.0765 3144 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:01:50.0906 3144 NdisTapi - ok
16:01:50.0953 3144 [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:01:51.0625 3144 Ndisuio - ok
16:01:51.0671 3144 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:01:51.0843 3144 NdisWan - ok
16:01:51.0859 3144 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:01:52.0000 3144 NDProxy - ok
16:01:52.0015 3144 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:01:52.0171 3144 NetBIOS - ok
16:01:52.0187 3144 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:01:52.0343 3144 NetBT - ok
16:01:52.0390 3144 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe
16:01:52.0531 3144 NetDDE - ok
16:01:52.0546 3144 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:01:52.0687 3144 NetDDEdsdm - ok
16:01:52.0703 3144 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:01:52.0828 3144 Netlogon - ok
16:01:52.0859 3144 [ CDF4DA6B518105343FE9E8AFBBF8FBF4 ] Netman C:\WINDOWS\System32\netman.dll
16:01:53.0000 3144 Netman - ok
16:01:53.0125 3144 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:01:53.0140 3144 NetTcpPortSharing - ok
16:01:53.0171 3144 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:01:53.0343 3144 NIC1394 - ok
16:01:53.0406 3144 [ 774274C487493452DF3B0126DBE7FF3B ] Nla C:\WINDOWS\System32\mswsock.dll
16:01:53.0484 3144 Nla - ok
16:01:53.0546 3144 [ B15E0180C43D8B5219196D76878CC2DD ] NPF C:\WINDOWS\system32\drivers\npf.sys
16:01:53.0546 3144 NPF - ok
16:01:53.0562 3144 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:01:53.0703 3144 Npfs - ok
16:01:53.0734 3144 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:01:53.0937 3144 Ntfs - ok
16:01:53.0968 3144 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:01:54.0093 3144 NtLmSsp - ok
16:01:54.0156 3144 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:01:54.0296 3144 NtmsSvc - ok
16:01:54.0328 3144 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:01:54.0484 3144 Null - ok
16:01:54.0515 3144 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:01:54.0671 3144 NwlnkFlt - ok
16:01:54.0687 3144 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:01:54.0843 3144 NwlnkFwd - ok
16:01:54.0859 3144 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:01:55.0000 3144 ohci1394 - ok
16:01:55.0031 3144 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:01:55.0171 3144 Parport - ok
16:01:55.0187 3144 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:01:55.0343 3144 PartMgr - ok
16:01:55.0375 3144 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:01:55.0515 3144 ParVdm - ok
16:01:55.0562 3144 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:01:55.0703 3144 PCI - ok
16:01:55.0718 3144 PCIDump - ok
16:01:55.0765 3144 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:01:55.0906 3144 PCIIde - ok
16:01:55.0953 3144 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:01:56.0093 3144 Pcmcia - ok
16:01:56.0093 3144 PDCOMP - ok
16:01:56.0109 3144 PDFRAME - ok
16:01:56.0109 3144 PDRELI - ok
16:01:56.0109 3144 PDRFRAME - ok
16:01:56.0125 3144 perc2 - ok
16:01:56.0125 3144 perc2hib - ok
16:01:56.0218 3144 [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay C:\WINDOWS\system32\services.exe
16:01:56.0281 3144 PlugPlay - ok
16:01:56.0328 3144 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
16:01:56.0328 3144 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:01:56.0328 3144 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:01:56.0343 3144 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:01:56.0484 3144 PolicyAgent - ok
16:01:56.0531 3144 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:01:56.0671 3144 PptpMiniport - ok
16:01:56.0671 3144 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:01:56.0812 3144 ProtectedStorage - ok
16:01:56.0843 3144 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:01:57.0000 3144 PSched - ok
16:01:57.0046 3144 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:01:57.0187 3144 Ptilink - ok
16:01:57.0218 3144 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:01:57.0234 3144 PxHelp20 - ok
16:01:57.0250 3144 ql1080 - ok
16:01:57.0250 3144 Ql10wnt - ok
16:01:57.0265 3144 ql12160 - ok
16:01:57.0265 3144 ql1240 - ok
16:01:57.0281 3144 ql1280 - ok
16:01:57.0312 3144 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:01:57.0468 3144 RasAcd - ok
16:01:57.0515 3144 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:01:57.0656 3144 RasAuto - ok
16:01:57.0671 3144 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:01:57.0812 3144 Rasl2tp - ok
16:01:57.0843 3144 [ A5D2D745A2AEFA327DCA6DA317B5FD70 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:01:57.0984 3144 RasMan - ok
16:01:58.0015 3144 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:01:58.0140 3144 RasPppoe - ok
16:01:58.0140 3144 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:01:58.0281 3144 Raspti - ok
16:01:58.0312 3144 [ 809CA45CAA9072B3176AD44579D7F688 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:01:58.0718 3144 Rdbss - ok
16:01:58.0734 3144 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:01:58.0875 3144 RDPCDD - ok
16:01:58.0921 3144 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:01:59.0328 3144 RDPWD - ok
16:01:59.0343 3144 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:01:59.0484 3144 RDSessMgr - ok
16:01:59.0515 3144 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:01:59.0656 3144 redbook - ok
16:01:59.0703 3144 [ EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:01:59.0859 3144 RemoteAccess - ok
16:01:59.0906 3144 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe
16:02:00.0046 3144 RpcLocator - ok
16:02:00.0109 3144 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:02:00.0187 3144 RpcSs - ok
16:02:00.0234 3144 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:02:00.0406 3144 RSVP - ok
16:02:00.0453 3144 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
16:02:00.0515 3144 RTL8023xp - ok
16:02:00.0546 3144 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:02:00.0687 3144 rtl8139 - ok
16:02:00.0687 3144 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe
16:02:00.0828 3144 SamSs - ok
16:02:00.0875 3144 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:02:01.0031 3144 SCardSvr - ok
16:02:01.0093 3144 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:02:01.0234 3144 Schedule - ok
16:02:01.0265 3144 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:02:01.0343 3144 Secdrv - ok
16:02:01.0390 3144 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll
16:02:01.0531 3144 seclogon - ok
16:02:01.0562 3144 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll
16:02:01.0703 3144 SENS - ok
16:02:01.0734 3144 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:02:02.0156 3144 Serial - ok
16:02:02.0218 3144 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:02:02.0375 3144 Sfloppy - ok
16:02:02.0437 3144 [ 9245420422E409A25C1410ACB4244060 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:02:02.0578 3144 SharedAccess - ok
16:02:02.0609 3144 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:02:02.0750 3144 ShellHWDetection - ok
16:02:02.0750 3144 Simbad - ok
16:02:02.0781 3144 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:02:02.0921 3144 SLIP - ok
16:02:03.0000 3144 [ AF2C8104D58662FD0D3AD966BDA3157E ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys
16:02:03.0078 3144 smserial - ok
16:02:03.0093 3144 Sparrow - ok
16:02:03.0140 3144 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:02:03.0281 3144 splitter - ok
16:02:03.0312 3144 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:02:03.0718 3144 Spooler - ok
16:02:03.0781 3144 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:02:03.0890 3144 sr - ok
16:02:03.0921 3144 [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice C:\WINDOWS\system32\srsvc.dll
16:02:04.0015 3144 srservice - ok
16:02:04.0093 3144 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:02:04.0140 3144 Srv - ok
16:02:04.0187 3144 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:02:04.0312 3144 SSDPSRV - ok
16:02:04.0359 3144 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:02:04.0359 3144 ssmdrv - ok
16:02:04.0390 3144 [ 7E751068ADA60FC77638622E86A7CD9E ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:02:04.0546 3144 stisvc - ok
16:02:04.0609 3144 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:02:04.0765 3144 streamip - ok
16:02:04.0781 3144 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:02:04.0937 3144 swenum - ok
16:02:04.0968 3144 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:02:05.0093 3144 swmidi - ok
16:02:05.0109 3144 SwPrv - ok
16:02:05.0109 3144 symc810 - ok
16:02:05.0125 3144 symc8xx - ok
16:02:05.0125 3144 sym_hi - ok
16:02:05.0125 3144 sym_u3 - ok
16:02:05.0187 3144 [ EBA71A1B7DB9F6E3F70C15A64817C53F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:02:05.0234 3144 SynTP - ok
16:02:05.0265 3144 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:02:05.0406 3144 sysaudio - ok
16:02:05.0468 3144 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:02:05.0609 3144 SysmonLog - ok
16:02:05.0625 3144 [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:02:06.0062 3144 TapiSrv - ok
16:02:06.0109 3144 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:02:06.0187 3144 Tcpip - ok
16:02:06.0234 3144 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:02:06.0375 3144 TDPIPE - ok
16:02:06.0406 3144 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:02:06.0546 3144 TDTCP - ok
16:02:06.0593 3144 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:02:06.0734 3144 TermDD - ok
16:02:06.0765 3144 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll
16:02:06.0921 3144 TermService - ok
16:02:06.0953 3144 [ BAC5F7F0C2B8C1B9832594851E0F9914 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:02:07.0078 3144 Themes - ok
16:02:07.0078 3144 TosIde - ok
16:02:07.0109 3144 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:02:07.0453 3144 TrkWks - ok
16:02:07.0500 3144 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:02:07.0640 3144 Udfs - ok
16:02:07.0640 3144 ultra - ok
16:02:07.0703 3144 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:02:07.0859 3144 Update - ok
16:02:07.0906 3144 [ 09D4A2D7C5A8ABEC227D118765FAADDF ] upnphost C:\WINDOWS\System32\upnphost.dll
16:02:08.0000 3144 upnphost - ok
16:02:08.0015 3144 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe
16:02:08.0156 3144 UPS - ok
16:02:08.0203 3144 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:02:08.0343 3144 usbccgp - ok
16:02:08.0390 3144 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:02:08.0546 3144 usbehci - ok
16:02:08.0546 3144 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:02:08.0687 3144 usbhub - ok
16:02:08.0734 3144 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:02:08.0875 3144 usbprint - ok
16:02:08.0937 3144 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:02:09.0078 3144 usbscan - ok
16:02:09.0140 3144 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:02:09.0281 3144 USBSTOR - ok
16:02:09.0312 3144 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:02:09.0453 3144 usbuhci - ok
16:02:09.0515 3144 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
16:02:09.0640 3144 usbvideo - ok
16:02:09.0671 3144 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:02:09.0828 3144 VgaSave - ok
16:02:09.0828 3144 ViaIde - ok
16:02:09.0890 3144 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:02:10.0031 3144 VolSnap - ok
16:02:10.0078 3144 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe
16:02:10.0171 3144 VSS - ok
16:02:10.0359 3144 [ 9EE38FFCB4CBE5BEE6C305700DDC4725 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
16:02:10.0687 3144 w29n51 - ok
16:02:10.0750 3144 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll
16:02:10.0906 3144 W32Time - ok
16:02:10.0937 3144 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:02:11.0078 3144 Wanarp - ok
16:02:11.0093 3144 WDICA - ok
16:02:11.0109 3144 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:02:11.0265 3144 wdmaud - ok
16:02:11.0281 3144 [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:02:11.0750 3144 WebClient - ok
16:02:11.0843 3144 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:02:12.0000 3144 winmgmt - ok
16:02:12.0046 3144 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:02:12.0140 3144 WmdmPmSN - ok
16:02:12.0187 3144 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:02:12.0343 3144 WmiAcpi - ok
16:02:12.0375 3144 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:02:12.0500 3144 WmiApSrv - ok
16:02:12.0609 3144 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
16:02:12.0703 3144 WMPNetworkSvc - ok
16:02:12.0921 3144 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:02:12.0968 3144 WPFFontCache_v0400 - ok
16:02:13.0062 3144 [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:02:13.0203 3144 wscsvc - ok
16:02:13.0234 3144 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:02:13.0375 3144 WSTCODEC - ok
16:02:13.0421 3144 [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:02:13.0546 3144 wuauserv - ok
16:02:13.0609 3144 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:02:13.0656 3144 WudfPf - ok
16:02:13.0671 3144 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:02:13.0703 3144 WudfRd - ok
16:02:13.0734 3144 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:02:13.0765 3144 WudfSvc - ok
16:02:13.0812 3144 [ EB52B74A5DAADC2CCA68B3E7D81007E6 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:02:14.0250 3144 WZCSVC - ok
16:02:14.0328 3144 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:02:14.0453 3144 xmlprov - ok
16:02:14.0468 3144 ================ Scan global ===============================
16:02:14.0515 3144 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
16:02:14.0562 3144 [ C296947D3213E36FA75BB9C345E879CC ] C:\WINDOWS\system32\winsrv.dll
16:02:14.0578 3144 [ C296947D3213E36FA75BB9C345E879CC ] C:\WINDOWS\system32\winsrv.dll
16:02:14.0609 3144 [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
16:02:14.0609 3144 [Global] - ok
16:02:14.0609 3144 ================ Scan MBR ==================================
16:02:14.0625 3144 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
16:02:15.0078 3144 \Device\Harddisk0\DR0 - ok
16:02:15.0078 3144 ================ Scan VBR ==================================
16:02:15.0093 3144 [ 28281E0E75B54898BCCEAEFCA953A378 ] \Device\Harddisk0\DR0\Partition1
16:02:15.0093 3144 \Device\Harddisk0\DR0\Partition1 - ok
16:02:15.0093 3144 ============================================================
16:02:15.0093 3144 Scan finished
16:02:15.0093 3144 ============================================================
16:02:15.0203 2176 Detected object count: 9
16:02:15.0203 2176 Actual detected object count: 9
16:03:21.0140 2176 0190_0900_Warner_MonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0140 2176 0190_0900_Warner_MonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0140 2176 accvssvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0140 2176 accvssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 APL531 ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:03:21.0156 2176 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:21.0156 2176 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
29.01.2013, 20:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pum disabled Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.01.2013, 22:43
| #11 |
| | Pum disabled Nichts mehr gefunden...das lässt mich hoffen... Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 2 x86
Account is Administrative
Internet Explorer version: 6.0.2900.2180
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.700000 GHz
Memory total: 1073070080, free: 233742336
------------ Kernel report ------------
01/29/2013 21:20:07
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\w29n51.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\Rtlnicxp.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\Asapi.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\MarvinBus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\smserial.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\mc21.tmp
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86784ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8675ed98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.29.10
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86784ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff867c8d10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86784ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff867e2158, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8675ed98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe25eb3b0, 0xffffffff86784ab8, 0xffffffff8450aab8
Lower DeviceData: 0xffffffffe32e3d68, 0xffffffff8675ed98, 0xffffffff84566040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BEDCF41B
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156280257
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1AB.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\254.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\F2.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\104.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\106.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\10C.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\10E.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\11C.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\130.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\14C.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\15D.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\15E.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\173.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\174.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\176.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\178.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\17B.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\183.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\189.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\194.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1A1.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1A2.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1A7.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\F7.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\FC.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1B2.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1B5.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1B7.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1BB.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1CC.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1D7.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1E5.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1EA.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1EE.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1F0.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\1FB.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\20A.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\20C.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\211.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\221.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\228.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\22E.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\230.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\245.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\24F.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\258.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\266.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\268.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\269.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\26B.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\275.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\288.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\28A.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\28C.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\28E.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\295.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\296.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\29F.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2A2.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2A4.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2A5.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2AF.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2B3.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2BB.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2C4.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\2F4.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\312.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\351.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\3AC.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\67A.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\6ED.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\8.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\9.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\C3.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\CF.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\D1.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\DE.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\EB.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys\3C344E03-BF78-4a95-87E8-9A427FCDDBF9\F0.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\addr_file.html" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular\pica\elfo.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\service_error_info" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\history\history" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\icons\images_acrobat.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\icons\images_imm.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\icons\images_picasa.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\icons\images_sd.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater\icons\images_toolbar.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Fotos_auf_CD_DVD_8_dlx\homeDVD-Fotos_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Fotos_auf_CD_DVD_8_dlx\installation.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Fotos_auf_CD_DVD_9_dlx\Fotos_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX\Fotos_auf_CD_DVD_9_dlx\installation.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100001.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100002.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100003.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100004.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100005.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100006.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100007.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100008.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100009.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100010.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100011.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100012.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100013.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100014.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100015.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100016.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100017.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100018.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100019.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100020.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100021.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100022.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100023.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100024.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100025.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100026.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100027.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100028.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100029.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100030.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100031.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100032.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100033.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100034.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100035.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100036.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100037.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100038.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100216.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100217.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100218.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100219.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100220.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100221.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100222.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100223.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100224.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100225.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100226.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100227.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100228.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100229.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100230.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100231.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100232.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100233.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100234.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100235.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100236.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100079.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100080.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100081.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100082.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100083.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100084.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100085.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100086.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100087.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100088.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100089.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100090.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100091.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100092.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100093.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100095.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100096.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100099.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100100.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100101.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100102.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100103.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100104.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100105.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100040.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100041.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100042.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100043.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100044.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100045.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100046.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100047.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100048.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100049.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100050.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100051.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100052.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100053.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100054.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100055.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100056.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100057.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100058.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100059.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100060.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100061.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100062.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100063.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100064.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100065.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100066.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100067.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100068.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100069.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100070.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100071.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100072.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100075.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100076.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100077.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100245.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100275.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100276.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100434.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100435.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100469.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100470.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100472.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100473.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100886.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\200010.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\2113.pp2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\30023.pp2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999701.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999801.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999994.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999996.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999997.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999998.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\999999.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\user.pu2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100163.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100164.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100165.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100166.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100167.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100168.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100169.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100170.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100171.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100172.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100173.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100174.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100175.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100176.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100177.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100178.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100192.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100193.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100198.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100203.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100208.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100209.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100210.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100214.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100039.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100078.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100106.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100162.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100215.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100240.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100107.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100109.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100110.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100111.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100112.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100113.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100114.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100115.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100116.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100117.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100118.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100119.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100120.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100121.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100122.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100123.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100129.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100135.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100138.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100139.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100141.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100142.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100143.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100144.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100145.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100148.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100149.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100150.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100151.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100153.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100154.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100155.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100156.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100157.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100158.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle\Pixie\100159.pf2" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuickTime\QuickTimeFavorites.qtr" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\cdplayer.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Logs\Checks.100111-1555.log" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp\rwstjg.tmp" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A2AFE646-BFB3-4901-8981-D88877D59264}\Firefox-3.6-GMX-Edition.dat" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A2AFE646-BFB3-4901-8981-D88877D59264}\Firefox-3.6-GMX-Edition.lan" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A2AFE646-BFB3-4901-8981-D88877D59264}\instance.dat" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6}\GMX-Update.dat" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6}\GMX-Update.lan" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6}\instance.dat" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\Default User\Anwendungsdaten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Adobe\AIR\eulaAccepted" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Adobe\Bridge\Adobe Bridge Keywords.abdata" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\AdobeUM\AcPro7_0_0.sta" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Ahead\NeroVision\GCHWCfg.bak" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Macromedia\Fireworks MX\Fireworks Language.txt" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Macromedia\Fireworks MX\Web_Log.htm" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Microsoft\Media Player\00B636F9.wpl" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Microsoft\Office\Imagin10.pip" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Microsoft\Office\Scanni10.pip" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Real\RealMediaSDK\c0a80100.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Programme\Gemeinsame Dateien\System\ado\MDACReadme.htm" is compressed (flags = 1)
Read File: File "c:\Programme\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Programme\Windows Media Player\dxva_sig.txt" is compressed (flags = 1)
Read File: File "c:\Programme\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Channels anzeigen.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\LuResult.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\iconcfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\QuickTime.qtp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\01.01.rm" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\pftAB~tmp\Desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Verlauf\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\21U36JSB\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\4S2ZDNFY\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\ARQ5EDMP\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\G9AFK1U7\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\4OQG0C8O\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\61DJM3OF\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\M2JG8VCC\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\YLLULWLB\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\Verlauf\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\servic000.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\FixitPatchRegistration.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\minus.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\msg_error.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\plus.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\roundl_g.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\roundr_g.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\sort_down.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\sort_up.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\ul.gif" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\gisa0a86b\2.4.2432.1652\HTML\ur.gif" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\FUJITSU-SIEMENS\LuResult.txt" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Dokumente und Einstellungen\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Speed.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\DtcInstall.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\SCNDRVU.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\CD-Start.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\cdplayer.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\cmsetacl.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\6816BadPixelInfo.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\LOGFILE.TXT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Missing.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Windows.Forms.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.5000.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.5000.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Debug\blastcln.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1031\ConfigShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1031\WizardsShortcut.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system\CLEANUP.REG" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\RECYCLER\S-1-5-21-1123561945-790525478-839522115-1004\Dc427\Amway\NUTRILITE\werbung auto-Dateien\count.gif" is compressed (flags = 1)
Done!
Scan finished
=======================================
|
|
30.01.2013, 10:58
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pum disabled Anleitung nicht richtig gelesen? Du hast das Log gepostet was ich gerade nicht sehen wollte 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2013, 12:14
| #13 |
| | Pum disabled Jaja, wer lesen kann ist klar im Vorteil... Es hatte mich etwas verwirrt, dass nichts zum "clearen" da war, und es nicht zum Neustart kam. Hier nun das richtige Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.01.29.10
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
FUJITSU-SIEMENS :: FUJITSU-5E160D1 [administrator]
29.01.2013 22:22:06
mbar-log-2013-01-29 (22-22-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28433
Time elapsed: 1 hour(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
30.01.2013, 12:28
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Pum disabled adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 10:05
| #15 |
| | Pum disabled Hier der Text von adwcleaner: Code:
ATTFilter # AdwCleaner v2.109 - Datei am 31/01/2013 um 10:01:40 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 2 (32 bits)
# Benutzer : FUJITSU-SIEMENS - FUJITSU-5E160D1
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\Uninstall.exe
Datei Gefunden : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\searchplugins\11-suche.xml
Ordner Gefunden : C:\DOKUME~1\FUJITS~1\LOKALE~1\Temp\Smartbar
Ordner Gefunden : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\extensions\helperbar@helperbar.com
Ordner Gefunden : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\OpenCandy
Ordner Gefunden : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Lokale Einstellungen\Anwendungsdaten\Smartbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\SmartbarBackup
Schlüssel Gefunden : HKCU\Software\SmartbarLog
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v6.0.2900.2180
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Dokumente und Einstellungen\FUJITSU-SIEMENS\Anwendungsdaten\Mozilla\Firefox\Profiles\2rvf2n6o.default\prefs.js
Gefunden : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gefunden : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
*************************
AdwCleaner[R1].txt - [3151 octets] - [31/01/2013 10:01:40]
########## EOF - C:\AdwCleaner[R1].txt - [3211 octets] ##########
|
|
| Themen zu Pum disabled |
| disable, disabled, extra, gmer, helfer, hoffe, instalieren, komplett, lösung, mbam, neu, pum.disabled, rechner, retten, schnelle, troja, trojaner |
Linear-Darstellung
