| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-AuslastungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.02.2013, 20:36
| #1 |
 |  Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Moin Moin aus Flensburg! Mein Windows XP Prof 32-bit SP 3 startet seit einiger Zeit mit einer merkwürdigen Pause von einigen Sekunden (schwarzer Bildschirm) zwischen dem Erscheinen des Laufbalken und dem Win Logo mit der Meldung "Windows" wird gestartet. Nach Auswahl des Benutzerkontos legt das System wieder eine Pause ein (was es früher nicht machte), startet dann, aber der Bildschirmaufbau des Zweimonitorsystems ist langsam (manchmal ruckelig, zeilenweise) und manchmal zeigt der Process Explorer von Sysinternals eine komplette Auslastung der CPUs, was aber nicht programmspezifisch ist. Hier noch ein paar Angaben zum Rechner: Betriebssystem MS Windows XP Professional 32-bit SP3 CPU Intel Core 2 Duo E6750 @ 2.66GHz 49° C Conroe 65nm Technologie RAM 4.0GB Dual-Kanal DDR2 @ 399MHz (5-5-5-18) Motherboard Intel Corporation DG33TL (J1PR) Grafik SyncMaster (1600x1200@60Hz) SyncMaster (1600x1200@60Hz) Matrox Millennium P650 PCIe 128 Festplatten 488GB FUJITSU MAXTOR STM3500630AS (SATA) 42° C 488GB FUJITSU MAXTOR STM3500630AS (SATA) 37° C 488GB FUJITSU MAXTOR STM3500630AS (SATA) 38° C 488GB FUJITSU MAXTOR STM3500630AS (SATA) 40° C 488GB FUJITSU MAXTOR STM3500630AS (SATA) 37° C Optische Laufwerke PLEXTOR DVDR PX-810SA Audio SigmaTel High Definition Audio CODEC Weiß jemand Rat? Beste Grüße Gerhard |
|
04.03.2013, 20:18
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Hallo,
__________________Zitat:
Was wurde am System bevor das auftrat verändert? "nichts"?  Zitat:
__________________ |
|
06.03.2013, 13:36
| #3 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Sorry für die verspätete Antwort (eine Grippe hat mich ins Bett gezwungen). Am System habe ich nichts geändert (weder Hard- noch Software), wenn man von regelmäßigen OS- und Programm-Updates absieht. Die fünf SATA-Platten laufen einzeln: 1 OS 2 Arbeitsdaten 3 Bilderdaten 4 Kopie der Arbeitsdaten 5 Kopie der Bilderdaten
__________________ |
|
06.03.2013, 13:43
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-AuslastungZitat:
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.03.2013, 13:52
| #5 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Die Datensicherung der internen Platten läuft alle drei Arbeitstage. Und monatlich werden die Daten auf externe Festplatten ausgelagert (die nicht hier im Hause aufbwahrt werden). So nun ich will mal die Anleitungen befolgen. Geändert von SchmerlenOtt (06.03.2013 um 13:57 Uhr) |
|
06.03.2013, 14:13
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)
__________________ --> Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung |
|
06.03.2013, 14:36
| #7 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Ok. OTL-Scan läuft (ich nehme mal an, dass das extrem langsam geht, kann ich nicht beeinflussen). |
|
06.03.2013, 14:40
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Genau solche Zwischenrufe sein lassen! Poste erst wenn du das Log hast! Solche Zwischenrufe sind unnötiger Zeitaufwand für mich!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.03.2013, 17:56
| #9 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung OTL.TXTOTL Logfile: Code:
ATTFilter OTL logfile created on: 06.03.2013 14:23:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Sandbox-Ausgang Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 77,69% Memory free 13,83 Gb Paging File | 13,04 Gb Available in Paging File | 94,33% Paging File free Paging file location(s): C:\pagefile.sys 5371 5371G:\pagef [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,76 Gb Total Space | 424,47 Gb Free Space | 91,14% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 421,64 Gb Free Space | 90,53% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 149,10 Gb Free Space | 32,01% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 419,37 Gb Free Space | 90,04% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 139,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS Computer Name: SACHFACH | User Name: Gerhard Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Q-Dir\Q-Dir.exe (Nenad Hrg (SoftwareOK.com)) PRC - C:\Programme\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd) PRC - C:\Programme\UltraMon\UltraMon.exe (Realtime Soft Ltd) PRC - C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender) PRC - C:\Programme\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - D:\Sandbox-Ausgang\OTL.exe (OldTimer Tools) PRC - C:\Programme\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender) PRC - C:\WINDOWS\system32\lxeacoms.exe ( ) PRC - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe (Matrox Graphics Inc.) PRC - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe (Matrox Graphics Inc) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\bdmetrics.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\avc3al.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui () MOD - C:\Programme\Bitdefender\Bitdefender 2012\UI\accessl.ui () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\asimf.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl () MOD - C:\Programme\Bitdefender\Bitdefender 2012\procinfo.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\connector.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\excludemgr.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\framework.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\strdecoder.dll () MOD - C:\Programme\Bitdefender\Bitdefender 2012\txmlutil.dll () MOD - \\?\C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Threat Scanner\trufos.dll () MOD - C:\Programme\StarMoney 8.0 S-Edition\ouservice\patchw32.dll () MOD - C:\Programme\Unlocker\UnlockerCOM.dll () MOD - C:\WINDOWS\system32\LXEAPMON.DLL () MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll () MOD - C:\WINDOWS\system32\LXEAoem.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (vsserv) -- C:\Programme\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (UPDATESRV) -- C:\Programme\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender) SRV - (Update Server) -- C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (lxea_device) -- C:\WINDOWS\system32\lxeacoms.exe ( ) SRV - (lxeaCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe () SRV - (Matrox Centering Service) -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe (Matrox Graphics Inc.) SRV - (Matrox.Pdesk.ServicesHost) -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe (Matrox Graphics Inc) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender) DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender) DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (UltraMonUtility) -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd) DRV - (bdselfpr) -- C:\Programme\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender LLC) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (bdsandbox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (BitDefender SRL) DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC) DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.) DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys () DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys () DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_bus) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (BDVEDISK) -- C:\WINDOWS\system32\drivers\bdvedisk.sys (BitDefender) DRV - (cxbu0wdm) -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys (OMNIKEY) DRV - (Mtxparmx) -- C:\WINDOWS\system32\drivers\mtxparmx.sys (Matrox Graphics Inc.) DRV - (MTXPAR) -- C:\WINDOWS\system32\drivers\MTXPARM.sys (Matrox Graphics Inc.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.) DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH) DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.) DRV - (ElbyCDFL) -- C:\WINDOWS\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (MTXPARH) -- C:\WINDOWS\system32\drivers\mtxparhm.sys (Matrox Graphics Inc.) DRV - (X-Rite) -- C:\WINDOWS\system32\drivers\XrUsb.sys (X-Rite, Inc.) DRV - (SMBios) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-879983540-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1659004503-879983540-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1659004503-879983540-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1659004503-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1659004503-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1659004503-879983540-682003330-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1659004503-879983540-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.11 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Programme\TabletPlugins\npwacom.dll File not found FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Programme\TabletPlugins\npwacom.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.20 19:54:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.21 16:33:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.02.20 17:13:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013.02.21 16:33:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Programme\Bitdefender\Bitdefender 2012\bdtbext\ [2010.08.29 12:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Extensions [2010.08.10 13:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.29 12:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2013.02.25 18:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions [2013.02.25 18:52:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.08 18:20:28 | 000,455,379 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013.02.25 18:52:49 | 000,342,692 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.02.24 13:05:37 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.08 08:22:32 | 000,068,257 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012.10.24 20:36:57 | 000,698,867 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\wyb5vxgg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.02.20 19:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.20 19:54:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.09.25 11:56:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011.09.10 18:07:55 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 19:12:39 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.10 18:07:55 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.10 18:07:55 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.10 18:07:55 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.10 18:07:55 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1659004503-879983540-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1659004503-879983540-682003330-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2012.12.23 14:35:48 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico () O4 - Startup: C:\Dokumente und Einstellungen\Gerhard Admin\Startmenü\Programme\Autostart\AutorunsDisabled [2012.03.20 13:47:55 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1659004503-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-21-1659004503-879983540-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O15 - HKU\S-1-5-21-1659004503-879983540-682003330-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1659004503-879983540-682003330-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354982292937 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354982385421 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D37A496-7926-44AB-988C-B3AEA35DBAC4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O27 - HKLM IFEO\taskmgr.exe: Debugger - E:\A R C H I V\SOFTWAREAKTUALISIERUNGEN\TOOLS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.09 17:21:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 12:13:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\FreeFileSync [2013.03.04 12:13:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FreeFileSync [2013.03.04 12:13:09 | 000,000,000 | ---D | C] -- C:\Programme\FreeFileSync [2013.03.03 22:59:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2013.03.02 17:15:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Admin\Eigene Dateien\PersBackup [2013.03.02 17:14:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\PersBackup5 [2013.03.02 17:14:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Personal Backup [2013.03.02 17:14:39 | 000,000,000 | ---D | C] -- C:\Programme\Personal Backup 5 [2013.02.28 22:48:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Gerhard Admin\Recent [2013.02.28 04:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Matrox Graphics Inc [2013.02.28 04:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc [2013.02.28 04:27:23 | 000,000,000 | ---D | C] -- C:\Programme\Matrox Graphics Inc [2013.02.26 23:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2013.02.24 13:01:13 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2013.02.21 17:48:04 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.02.21 17:48:03 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.02.21 17:47:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.02.21 17:47:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.02.21 17:47:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.02.21 17:47:37 | 000,000,000 | ---D | C] -- C:\Programme\Java [2013.02.20 19:54:13 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.20 17:13:04 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.06 16:04:07 | 000,011,408 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini [2013.03.06 14:14:23 | 000,000,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Desktop\Verknüpfung mit OTL.exe.lnk [2013.03.06 14:07:53 | 000,012,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.03.06 14:06:06 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk [2013.03.06 14:03:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.06 12:27:01 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml [2013.03.06 12:19:17 | 000,005,290 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2013.03.05 17:48:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2013.03.04 12:15:21 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FreeFileSync.lnk [2013.03.02 19:53:04 | 002,604,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Eigene Dateien\AutoRuns 2013-03-02.arn [2013.03.02 17:14:42 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Personal Backup 5.lnk [2013.03.01 17:37:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013.02.28 23:04:20 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.28 23:04:20 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.02.26 16:26:19 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.26 16:26:18 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.26 16:26:18 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.21 22:12:27 | 000,002,181 | ---- | M] () -- C:\WINDOWS\Helicon Debug Window.ini [2013.02.21 17:47:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.02.21 17:47:42 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.02.21 17:47:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.02.21 17:47:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.02.21 17:47:42 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.02.21 17:47:41 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.02.21 17:47:41 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.02.13 15:06:04 | 001,420,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.13 14:37:26 | 000,665,020 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.13 14:37:26 | 000,580,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.13 14:37:26 | 000,154,822 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.13 14:37:26 | 000,113,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.06 14:14:23 | 000,000,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Desktop\Verknüpfung mit OTL.exe.lnk [2013.03.04 12:13:14 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FreeFileSync.lnk [2013.03.02 19:53:00 | 002,604,911 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Eigene Dateien\AutoRuns 2013-03-02.arn [2013.03.02 17:14:42 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Personal Backup 5.lnk [2013.01.10 14:39:32 | 000,219,376 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.12.04 22:02:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012.05.30 13:17:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe [2012.05.28 15:05:54 | 000,002,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\.powerupdate.user.properties [2012.05.01 14:07:29 | 000,190,665 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1335877491.bdinstall.bin [2012.05.01 13:59:17 | 000,022,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1335877152.bdinstall.bin [2012.05.01 13:57:38 | 000,138,665 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1335876736.bdinstall.bin [2012.04.10 18:20:05 | 000,011,408 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini [2012.02.14 23:11:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.04 22:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATM.INI [2011.12.16 13:28:08 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEQCAL.SYS [2011.12.16 13:28:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Mplps.dll [2011.06.13 15:27:25 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\search_result.xml [2011.06.04 19:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat [2011.06.04 19:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat [2011.02.11 13:23:58 | 000,080,427 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin [2010.12.17 17:11:02 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\clipboardmanager.ini [2010.11.09 22:08:27 | 000,000,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\default.pls [2010.09.24 15:10:58 | 000,786,622 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1659004503-879983540-682003330-1003-0.dat [2010.09.24 15:10:57 | 000,314,070 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.09.22 16:52:25 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\$_hpcst$.hpc [2010.09.21 10:07:05 | 000,000,850 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\AnwendungsdatenProductTweaks.xml [2010.09.10 13:42:01 | 000,000,081 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.09.09 14:32:17 | 000,000,385 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdatenuser_gensett.xml [2010.08.25 19:17:18 | 000,000,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdatenprivacy.xml [2010.08.16 11:18:57 | 000,000,406 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2010.08.16 10:51:47 | 000,020,531 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T09F8 [2010.08.14 21:05:28 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.10 01:19:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Gerhard Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.07.08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\LinkInstaller.exe ========== ZeroAccess Check ========== [2010.08.10 01:15:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\Gerhard Admin\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 < End of report > EXTRAS.TXTOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.03.2013 14:23:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Sandbox-Ausgang
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 77,69% Memory free
13,83 Gb Paging File | 13,04 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): C:\pagefile.sys 5371 5371G:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 424,47 Gb Free Space | 91,14% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 421,64 Gb Free Space | 90,53% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 149,10 Gb Free Space | 32,01% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 419,37 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 139,99 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Computer Name: SACHFACH | User Name: Gerhard Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1659004503-879983540-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( )
"C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"D:\Sandbox-Ausgang\SweetImSetup.exe" = D:\Sandbox-Ausgang\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Programme\VLC Media Player\VLC\vlc.exe" = C:\Programme\VLC Media Player\VLC\vlc.exe:*:Enabled:VLC media player
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" = C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe:*:Enabled:StarMoney 8.0 OnlineUpdate -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe" = C:\Programme\StarMoney 8.0 S-Edition\app\StarMoney.exe:*:Enabled:StarMoney 8.0 -- (Star Finanz - Software Entwicklung und Vertriebs GmbH)
"C:\Programme\Kabel Deutschland\Installations-Software\KDI.exe" = C:\Programme\Kabel Deutschland\Installations-Software\KDI.exe:*:Enabled:Kabel Deutschland Installer -- (mquadr.at software engineering & consulting GmbH)
"M:\fsetup.exe" = M:\fsetup.exe:*:Enabled:AVM FSetup Application
"D:\Zwischenlager\phraseexpress.exe" = D:\Zwischenlager\phraseexpress.exe:*:Enabled:PhraseExpress
"H:\Liberkey\LiberKey\MyApps\Phraseexpress\phraseexpress.exe" = H:\Liberkey\LiberKey\MyApps\Phraseexpress\phraseexpress.exe:*:Enabled:PhraseExpress -- (Bartels Media GmbH)
"C:\Programme\CmapTools IHMC\jre\bin\javaw.exe" = C:\Programme\CmapTools IHMC\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Gerhard Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\PhraseExpress\PhraseExpress.exe" = C:\Programme\PhraseExpress\PhraseExpress.exe:*:Enabled:PhraseExpress -- (Bartels Media GmbH)
"C:\Programme\BlueSoleil\BlueSoleil_.exe" = C:\Programme\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2072844E-635C-4A37-AB67-F886B89DAB53}" = StarMoney 8.0 S-Edition
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{248057F8-58C8-4E44-9182-9AF85DF787FC}" = Adobe Setup
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36B107C0-F8AD-42D5-B0CD-58035C5A4B47}" = Duden Korrektor PLUS Update
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56A3E6C9-919E-4578-ACBE-F1A5C7B99A90}" = DesignCAD 3D Max 18
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5CF1F472-846B-44E8-9750-A2112DA32CB6}" = MemoMaster 4
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}" = ScanSoft PDF Create! 4
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B0A882B-3AB7-45FE-B1E1-9A832413D699}" = MonacoOPTIX 2.0
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9069EE0A-7615-4D86-AD80-CA263E936DA6}" = UltraMon
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A45C5EC7-F13E-4414-99BE-47373935C0FE}" = Eraser 6.0.10.2620
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABF76CA-D460-42F0-BB2C-80DF44E8850F}" = Adobe Creative Suite 3 Design Standard
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxWare 10 Beta 9 (32-bit)
"{BB3E446F-A88E-4D91-9905-9138965561E3}" = Matrox PowerDesk-SE
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0
"{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}" = ScanSoft OmniPage 16
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F3586612-687E-4F67-B070-CB511E18B5B3}" = calibre
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1PW" = 1PW Passwortverwaltung
"7-Zip" = 7-Zip 9.20
"ac'tivAid" = ac'tivAid v1.3.2.dev42
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c5cbed37a01f242ac41d8f4528b7a0d" = Adobe Creative Suite 3 Design Standard hinzufügen oder entfernen
"AnyDVD" = AnyDVD
"AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bitdefender" = Bitdefender Antivirus Plus 2012
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Converber" = Converber 2.3.1
"Defraggler" = Defraggler
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"DYMO Label v.8" = DYMO Label v.8
"eminecMYmap" = eminec MYmap v.5
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"FreeFileSync" = FreeFileSync 5.12
"FRITZ! 2.0" = AVM FRITZ!
"HECI" = Intel(R) Management Engine Interface
"Helicon Filter_is1" = Helicon Filter 4.93.2
"ie8" = Windows Internet Explorer 8
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"LimanPro1" = Liman Pro 1.0
"MapCreator 2" = MapCreator 2
"Matrox XPDM Uninstaller" = Matrox Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Papyrus Autor" = Papyrus Autor -- from R.O.M. logicware GmbH
"Personal Backup 5_is1" = Personal Backup 5.4
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.2.8
"PhotoZoom Professional" = PhotoZoom Professional 1.2.2
"PhraseExpress_is1" = PhraseExpress v9.0.156
"PPTminimizer 2006_is1" = PPTminimizer 2006
"Q-Dir" = Q-Dir
"Recuva" = Recuva
"ROM Papyrus Autor" = Papyrus Autor 3.53
"Sandboxie" = Sandboxie 3.76 (32-bit)
"SilverFast Epson" = SilverFast Epson 6.6.2r4
"SilverFast Epson TWAIN_is1" = SilverFast Epson TWAIN
"Speccy" = Speccy
"SpeedCommander 14" = SpeedCommander 14
"SumatraPDF" = SumatraPDF 2.2.1
"Typograf" = Typograf4.8f
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebSpider2" = Xaldon WebSpider2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 3.0.8.5
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1659004503-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.03.2013 15:05:08 | Computer Name = SACHFACH | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD ADMIN\RECENT\DANIOS
AND DEVARIOS TETRA 2.RTF.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext:
Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät
funktioniert nicht. (0x8007001f)
Error - 02.03.2013 15:07:03 | Computer Name = SACHFACH | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD ADMIN\RECENT\LEKTORATSVORSCHLAG
DES TEXTES VON PETER COTTLE.PAP.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 02.03.2013 15:07:07 | Computer Name = SACHFACH | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD ADMIN\RECENT\TYPOSKRIPT.LNK>
in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex
Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error - 02.03.2013 15:08:03 | Computer Name = SACHFACH | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\GERHARD ADMIN\RECENT\ZUCHT
DEVARIO SHANENSIS.PAP.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext:
Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät
funktioniert nicht. (0x8007001f)
Error - 03.03.2013 18:05:48 | Computer Name = SACHFACH | Source = NTBackup | ID = 8001
Description = Ende der Sicherung von 'E:' 'Es wurden Warnungen oder Fehler gefunden.'
Überprüfen:
Off Modus: Append Typ: Normal Einzelheiten finden Sie im Sicherungsbericht.
Error - 03.03.2013 18:05:48 | Computer Name = SACHFACH | Source = NTBackup | ID = 8019
Description = Vorgang beenden: Es wurden Warnungen oder Fehler gefunden. Weitere
Informationen finden Sie im Sicherungsbericht.
Error - 04.03.2013 06:48:35 | Computer Name = SACHFACH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Persbackup.exe, Version 5.4.3.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.03.2013 11:11:27 | Computer Name = SACHFACH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Photoshop.exe, Version 10.0.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.03.2013 11:26:41 | Computer Name = SACHFACH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Foxit Reader.exe, Version 4.3.0.1110, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.03.2013 08:55:22 | Computer Name = SACHFACH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 19.0.0.4794, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 02.03.2013 16:21:19 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 03.03.2013 10:51:17 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxeaCATSCustConnectService.
Error - 03.03.2013 10:51:17 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 03.03.2013 12:03:41 | Computer Name = SACHFACH | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_EUGDIDRV\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.
Error - 05.03.2013 12:15:08 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxeaCATSCustConnectService.
Error - 05.03.2013 12:15:08 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.03.2013 07:11:59 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxeaCATSCustConnectService.
Error - 06.03.2013 07:11:59 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.03.2013 09:07:09 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxeaCATSCustConnectService.
Error - 06.03.2013 09:07:09 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
|
|
06.03.2013, 22:29
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus. Anleitung MBAR: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.03.2013, 18:59
| #11 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung GMER 2.1.19155 - hxxp://www.gmer.net Rootkit quick scan 2013-03-07 18:42:46 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 MAXTOR_STM3500630AS rev.3.AAE 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\GERHAR~1\LOKALE~1\Temp\kxloypow.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- System - GMER 2.1 ---- SSDT sppe.sys ZwEnumerateKey [0xB9ECDDA4] SSDT sppe.sys ZwEnumerateValueKey [0xB9ECE132] Code BA78EBFC ZwTraceEvent Code BA78EBFB NtTraceEvent ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-2f [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-8 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-10 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-3a [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \FileSystem\Ntfs \Ntfs 8AB081F8 AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys ---- EOF - GMER 2.1 ---- Melde mich von meinem Netbook: Nach dem Scan von GMER auf dem Desktop-Rechner habe ich wie angegeben einen Neustart gemacht. Windows startet, nach der Auswahl des Benutzers werden die Benutzereinstellungen geladen, dann erscheint nur ein blauer Bildschirm (keine Taskleiste, kein Desktop, nichts). Der Proecess Explorer von Sysinternal lässt sich starten und es es ist zu sehen, dass Prozesse nur bis zum explorer.exe gestartet sind. Weiter geht nix. Malwarebytes Anti-Rootkit BETA 1.01.0.1021 Malwarebytes : Free Anti-Malware download Database version: v2013.03.07.14 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Gerhard Admin :: SACHFACH [administrator] 07.03.2013 21:42:29 mbar-log-2013-03-07 (21-42-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28975 Time elapsed: 14 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
08.03.2013, 10:16
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung Die Logs bitte in CODE Tags posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.03.2013, 14:21
| #13 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-AuslastungCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 12:28:34
-----------------------------
12:28:34.421 OS Version: Windows 5.1.2600 Service Pack 3
12:28:34.421 Number of processors: 2 586 0xF0B
12:28:34.421 ComputerName: SACHFACH UserName: 12:28:35.328 Initialize success
12:30:31.296 AVAST engine defs: 13030703
12:30:48.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8
12:30:48.015 Disk 0 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
12:30:48.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-1c
12:30:48.062 Disk 1 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
12:30:48.078 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-24
12:30:48.109 Disk 2 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
12:30:48.140 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-2f
12:30:48.187 Disk 3 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
12:30:48.218 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP5T0L0-3a
12:30:48.265 Disk 4 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
12:30:48.328 Disk 0 MBR read successfully
12:30:48.375 Disk 0 MBR scan
12:30:48.437 Disk 0 unknown MBR code
12:30:48.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
12:30:48.546 Disk 0 scanning sectors +976768065
12:30:48.671 Disk 0 scanning C:\WINDOWS\system32\drivers
12:31:16.359 Service scanning
12:31:36.468 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:31:43.140 Modules scanning
12:31:53.875 Disk 0 trace - called modules:
12:31:53.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spaj.sys >>UNKNOWN [0x8ab2a938]<<
12:31:54.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa6bab8]
12:31:54.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ab78238]
12:31:54.156 5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-8[0x8aadbd98]
12:31:54.765 AVAST engine scan C:\WINDOWS
12:32:00.343 AVAST engine scan C:\WINDOWS\system32
12:36:52.640 AVAST engine scan C:\WINDOWS\system32\drivers
12:37:34.656 AVAST engine scan C:\Dokumente und Einstellungen\Gerhard Admin
12:44:51.656 AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:48:54.750 Scan finished successfully
12:50:53.125 Disk 0 MBR has been saved successfully to „D:\Sandbox-Ausgang\MBR.dat“
12:50:53.187 The log file has been saved successfully to „D:\Sandbox-Ausgang\aswMBR.txt“
Code:
ATTFilter 13:14:03.0750 3620 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:14:04.0015 3620 ============================================================
13:14:04.0015 3620 Current date / time: 2013/03/08 13:14:04.0015
13:14:04.0015 3620 SystemInfo:
13:14:04.0015 3620
13:14:04.0015 3620 OS Version: 5.1.2600 ServicePack: 3.0
13:14:04.0015 3620 Product type: Workstation
13:14:04.0015 3620 ComputerName: SACHFACH
13:14:04.0015 3620 UserName: Gerhard Admin
13:14:04.0015 3620 Windows directory: C:\WINDOWS
13:14:04.0015 3620 System windows directory: C:\WINDOWS
13:14:04.0015 3620 Processor architecture: Intel x86
13:14:04.0015 3620 Number of processors: 2
13:14:04.0015 3620 Page size: 0x1000
13:14:04.0015 3620 Boot type: Normal boot
13:14:04.0015 3620 ============================================================
13:14:05.0671 3620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
13:14:05.0671 3620 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
13:14:05.0687 3620 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
13:14:05.0703 3620 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
13:14:05.0718 3620 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
13:14:05.0734 3620 ============================================================
13:14:05.0734 3620 \Device\Harddisk0\DR0:
13:14:05.0734 3620 MBR partitions:
13:14:05.0734 3620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:14:05.0734 3620 \Device\Harddisk1\DR1:
13:14:05.0750 3620 MBR partitions:
13:14:05.0750 3620 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:14:05.0750 3620 \Device\Harddisk2\DR2:
13:14:05.0750 3620 MBR partitions:
13:14:05.0750 3620 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:14:05.0750 3620 \Device\Harddisk3\DR3:
13:14:05.0765 3620 MBR partitions:
13:14:05.0765 3620 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:14:05.0765 3620 \Device\Harddisk4\DR4:
13:14:05.0765 3620 MBR partitions:
13:14:05.0765 3620 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:14:05.0765 3620 ============================================================
13:14:05.0781 3620 D: <-> \Device\Harddisk1\DR1\Partition1
13:14:05.0796 3620 E: <-> \Device\Harddisk2\DR2\Partition1
13:14:05.0812 3620 G: <-> \Device\Harddisk4\DR4\Partition1
13:14:05.0828 3620 F: <-> \Device\Harddisk3\DR3\Partition1
13:14:05.0859 3620 C: <-> \Device\Harddisk0\DR0\Partition1
13:14:05.0859 3620 ============================================================
13:14:05.0859 3620 Initialize success
13:14:05.0859 3620 ============================================================
13:14:46.0187 3840 ============================================================
13:14:46.0187 3840 Scan started
13:14:46.0187 3840 Mode: Manual; SigCheck; TDLFS;
13:14:46.0187 3840 ============================================================
13:14:46.0828 3840 ================ Scan system memory ========================
13:14:46.0828 3840 System memory - ok
13:14:46.0828 3840 ================ Scan services =============================
13:14:46.0968 3840 Abiosdsk - ok
13:14:47.0000 3840 abp480n5 - ok
13:14:47.0046 3840 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:14:47.0875 3840 ACPI - ok
13:14:47.0921 3840 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:14:48.0125 3840 ACPIEC - ok
13:14:48.0203 3840 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:14:48.0375 3840 AdobeFlashPlayerUpdateSvc - ok
13:14:48.0390 3840 adpu160m - ok
13:14:48.0437 3840 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:14:48.0546 3840 aec - ok
13:14:48.0609 3840 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:14:48.0656 3840 AFD - ok
13:14:48.0671 3840 Aha154x - ok
13:14:48.0718 3840 aic78u2 - ok
13:14:48.0750 3840 aic78xx - ok
13:14:48.0796 3840 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:14:48.0968 3840 Alerter - ok
13:14:49.0015 3840 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
13:14:49.0078 3840 ALG - ok
13:14:49.0109 3840 AliIde - ok
13:14:49.0140 3840 amsint - ok
13:14:49.0187 3840 [ FB20F6220BCBBD6A4F870D4BF83BC12B ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
13:14:49.0796 3840 AnyDVD - ok
13:14:49.0843 3840 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:14:50.0015 3840 AppMgmt - ok
13:14:50.0062 3840 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:14:50.0250 3840 Arp1394 - ok
13:14:50.0265 3840 asc - ok
13:14:50.0296 3840 asc3350p - ok
13:14:50.0343 3840 asc3550 - ok
13:14:50.0531 3840 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:14:50.0671 3840 aspnet_state - ok
13:14:50.0703 3840 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:14:50.0875 3840 AsyncMac - ok
13:14:50.0906 3840 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:14:51.0015 3840 atapi - ok
13:14:51.0046 3840 Atdisk - ok
13:14:51.0093 3840 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:14:51.0265 3840 Atmarpc - ok
13:14:51.0312 3840 [ 523CA82A8810F4354E6425406AFBC130 ] ATMsrvc C:\WINDOWS\System32\ATMsrvc.exe
13:14:51.0375 3840 ATMsrvc ( UnsignedFile.Multi.Generic ) - warning
13:14:51.0375 3840 ATMsrvc - detected UnsignedFile.Multi.Generic (1)
13:14:51.0421 3840 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:14:51.0531 3840 AudioSrv - ok
13:14:51.0593 3840 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:14:51.0750 3840 audstub - ok
13:14:51.0812 3840 [ 9AD5AA947569DB289CE81B1B1D47BA00 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
13:14:51.0984 3840 avc3 - ok
13:14:52.0031 3840 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
13:14:52.0156 3840 avchv - ok
13:14:52.0187 3840 [ 44A93102C687D6A491902F52B60CD4D2 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
13:14:52.0203 3840 avckf - ok
13:14:52.0265 3840 [ 0BCB6B3DF2E248C8E8F2FFC6F58D1341 ] AVMCOWAN C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
13:14:52.0421 3840 AVMCOWAN - ok
13:14:52.0468 3840 [ C997AF59C54D69232FB7BBEA4DAD86E2 ] AVMWAN C:\WINDOWS\system32\DRIVERS\avmwan.sys
13:14:52.0656 3840 AVMWAN - ok
13:14:52.0718 3840 [ 5EF7AC38B4A7DC80860D7FFAFAC78C36 ] bdfsfltr C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
13:14:52.0828 3840 bdfsfltr - ok
13:14:52.0953 3840 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Firewall\bdftdif.sys
13:14:53.0062 3840 bdftdif - ok
13:14:53.0109 3840 [ E260C0079B5C1107B87E98F356292004 ] bdsandbox C:\WINDOWS\system32\drivers\bdsandbox.sys
13:14:53.0234 3840 bdsandbox - ok
13:14:53.0312 3840 [ A9A33963C8358979827D1A75B20C0423 ] bdselfpr C:\Programme\Bitdefender\Bitdefender 2012\bdselfpr.sys
13:14:53.0421 3840 bdselfpr - ok
13:14:53.0453 3840 [ 375CD0B9F433465EC6F50D4DF44E9448 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
13:14:53.0562 3840 BDVEDISK - ok
13:14:53.0609 3840 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:14:53.0781 3840 Beep - ok
13:14:53.0828 3840 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
13:14:54.0062 3840 BITS - ok
13:14:54.0109 3840 [ 852A1BD08E7DFEB9E30B5440881C0501 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
13:14:54.0218 3840 BlueletAudio - ok
13:14:54.0281 3840 [ 8FC27B12A02B43947787F0EF1885DF9B ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
13:14:54.0390 3840 BlueletSCOAudio - ok
13:14:54.0437 3840 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
13:14:54.0562 3840 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:14:54.0562 3840 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:14:54.0609 3840 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
13:14:54.0671 3840 Browser - ok
13:14:54.0703 3840 [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
13:14:54.0812 3840 BT - ok
13:14:54.0859 3840 [ DA473D279420234170DA795F1CAD4479 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
13:14:54.0968 3840 Btcsrusb - ok
13:14:55.0000 3840 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:14:55.0203 3840 BthEnum - ok
13:14:55.0250 3840 [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum C:\WINDOWS\system32\Drivers\vbtenum.sys
13:14:55.0375 3840 BTHidEnum - ok
13:14:55.0390 3840 [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
13:14:55.0515 3840 BTHidMgr - ok
13:14:55.0546 3840 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
13:14:55.0765 3840 BTHMODEM - ok
13:14:55.0796 3840 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:14:56.0015 3840 BthPan - ok
13:14:56.0062 3840 [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
13:14:56.0109 3840 BTHPORT - ok
13:14:56.0156 3840 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINDOWS\System32\bthserv.dll
13:14:56.0343 3840 BthServ - ok
13:14:56.0390 3840 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:14:56.0593 3840 BTHUSB - ok
13:14:56.0640 3840 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:14:56.0812 3840 cbidf2k - ok
13:14:56.0828 3840 cd20xrnt - ok
13:14:56.0875 3840 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:14:57.0078 3840 Cdaudio - ok
13:14:57.0125 3840 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:14:57.0312 3840 Cdfs - ok
13:14:57.0359 3840 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:14:57.0609 3840 Cdrom - ok
13:14:57.0687 3840 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:14:57.0843 3840 CiSvc - ok
13:14:57.0875 3840 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:14:58.0062 3840 ClipSrv - ok
13:14:58.0140 3840 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:14:58.0234 3840 clr_optimization_v2.0.50727_32 - ok
13:14:58.0281 3840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:14:58.0359 3840 clr_optimization_v4.0.30319_32 - ok
13:14:58.0375 3840 CmdIde - ok
13:14:58.0437 3840 COMSysApp - ok
13:14:58.0546 3840 Cpqarray - ok
13:14:58.0609 3840 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Programme\SystemRequirementsLab\cpudrv.sys
13:14:58.0703 3840 cpudrv - ok
13:14:58.0750 3840 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:14:58.0859 3840 CryptSvc - ok
13:14:58.0906 3840 [ 0284C94FC495D8D08DF24C18994C1662 ] cxbu0wdm C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
13:14:59.0046 3840 cxbu0wdm - ok
13:14:59.0078 3840 dac2w2k - ok
13:14:59.0109 3840 dac960nt - ok
13:14:59.0171 3840 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:14:59.0250 3840 DcomLaunch - ok
13:14:59.0265 3840 dgderdrv - ok
13:14:59.0343 3840 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:14:59.0437 3840 Dhcp - ok
13:14:59.0484 3840 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:14:59.0687 3840 Disk - ok
13:14:59.0703 3840 dmadmin - ok
13:14:59.0765 3840 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:15:00.0000 3840 dmboot - ok
13:15:00.0031 3840 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:15:00.0250 3840 dmio - ok
13:15:00.0281 3840 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:15:00.0437 3840 dmload - ok
13:15:00.0468 3840 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:15:00.0593 3840 dmserver - ok
13:15:00.0625 3840 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:15:00.0734 3840 DMusic - ok
13:15:00.0781 3840 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:15:00.0812 3840 Dnscache - ok
13:15:00.0875 3840 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:15:01.0078 3840 Dot3svc - ok
13:15:01.0109 3840 dpti2o - ok
13:15:01.0156 3840 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:15:01.0265 3840 drmkaud - ok
13:15:01.0312 3840 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:15:01.0437 3840 e1express - ok
13:15:01.0468 3840 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:15:01.0640 3840 EapHost - ok
13:15:01.0671 3840 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\drivers\ElbyCDFL.sys
13:15:01.0781 3840 ElbyCDFL - ok
13:15:01.0812 3840 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
13:15:01.0921 3840 ElbyCDIO - ok
13:15:01.0968 3840 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:15:02.0078 3840 ERSvc - ok
13:15:02.0125 3840 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
13:15:02.0156 3840 Eventlog - ok
13:15:02.0187 3840 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
13:15:02.0218 3840 EventSystem - ok
13:15:02.0265 3840 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:15:02.0500 3840 Fastfat - ok
13:15:02.0546 3840 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:15:02.0593 3840 FastUserSwitchingCompatibility - ok
13:15:02.0625 3840 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:15:02.0812 3840 Fdc - ok
13:15:02.0843 3840 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:15:03.0031 3840 Fips - ok
13:15:03.0109 3840 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:15:03.0140 3840 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:15:03.0140 3840 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:15:03.0187 3840 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:15:03.0375 3840 Flpydisk - ok
13:15:03.0421 3840 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:15:03.0703 3840 FltMgr - ok
13:15:03.0796 3840 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:15:03.0875 3840 FontCache3.0.0.0 - ok
13:15:03.0937 3840 [ 25BAA9E7E21CA204B3202637C4F0D44E ] fpcibase C:\WINDOWS\system32\DRIVERS\fpcibase.sys
13:15:04.0125 3840 fpcibase - ok
13:15:04.0171 3840 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
13:15:04.0265 3840 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0265 3840 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:15:04.0312 3840 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:15:04.0500 3840 Fs_Rec - ok
13:15:04.0531 3840 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:15:04.0796 3840 Ftdisk - ok
13:15:04.0843 3840 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:15:05.0046 3840 Gpc - ok
13:15:05.0125 3840 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
13:15:05.0265 3840 gupdate - ok
13:15:05.0296 3840 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
13:15:05.0312 3840 gupdatem - ok
13:15:05.0359 3840 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:15:05.0453 3840 HDAudBus - ok
13:15:05.0515 3840 [ CC2C8C23417CC7DDF5EDDB17E60A14DB ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
13:15:05.0546 3840 HECI - ok
13:15:05.0625 3840 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:15:05.0718 3840 helpsvc - ok
13:15:05.0765 3840 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
13:15:05.0875 3840 HidServ - ok
13:15:05.0937 3840 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:15:06.0125 3840 hidusb - ok
13:15:06.0171 3840 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:15:06.0375 3840 hkmsvc - ok
13:15:06.0390 3840 hpn - ok
13:15:06.0468 3840 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:15:06.0500 3840 HTTP - ok
13:15:06.0546 3840 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:15:06.0656 3840 HTTPFilter - ok
13:15:06.0671 3840 i2omp - ok
13:15:06.0718 3840 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
13:15:06.0953 3840 i8042prt - ok
13:15:07.0031 3840 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:15:07.0171 3840 idsvc - ok
13:15:07.0203 3840 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:15:07.0390 3840 Imapi - ok
13:15:07.0453 3840 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
13:15:07.0562 3840 ImapiService - ok
13:15:07.0593 3840 ini910u - ok
13:15:07.0640 3840 IntelIde - ok
13:15:07.0718 3840 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:15:07.0812 3840 intelppm - ok
13:15:07.0843 3840 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:15:08.0031 3840 Ip6Fw - ok
13:15:08.0078 3840 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:15:08.0281 3840 IpFilterDriver - ok
13:15:08.0312 3840 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:15:08.0500 3840 IpInIp - ok
13:15:08.0562 3840 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:15:08.0656 3840 IpNat - ok
13:15:08.0703 3840 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:15:08.0906 3840 IPSec - ok
13:15:08.0921 3840 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:15:09.0078 3840 IRENUM - ok
13:15:09.0125 3840 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:15:09.0312 3840 isapnp - ok
13:15:09.0421 3840 [ 1758AF653723679E3746FC7DDD93C69B ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
13:15:09.0437 3840 JavaQuickStarterService - ok
13:15:09.0500 3840 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:15:09.0703 3840 Kbdclass - ok
13:15:09.0734 3840 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:15:09.0921 3840 kbdhid - ok
13:15:09.0953 3840 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:15:10.0062 3840 kmixer - ok
13:15:10.0125 3840 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:15:10.0171 3840 KSecDD - ok
13:15:10.0234 3840 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:15:10.0265 3840 lanmanserver - ok
13:15:10.0312 3840 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:15:10.0375 3840 lanmanworkstation - ok
13:15:10.0437 3840 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:15:10.0562 3840 LmHosts - ok
13:15:10.0656 3840 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
13:15:10.0687 3840 lxeaCATSCustConnectService - ok
13:15:10.0703 3840 lxea_device - ok
13:15:10.0796 3840 [ 94EEC93B6EB1005940D0BA0B9C74E825 ] Matrox Centering Service c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
13:15:10.0828 3840 Matrox Centering Service - ok
13:15:10.0906 3840 [ AA8AB39DF2D3BD45DA961A25B1E4960E ] Matrox.Pdesk.ServicesHost c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
13:15:10.0921 3840 Matrox.Pdesk.ServicesHost - ok
13:15:10.0968 3840 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:15:11.0140 3840 Messenger - ok
13:15:11.0187 3840 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:15:11.0343 3840 mnmdd - ok
13:15:11.0390 3840 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:15:11.0562 3840 mnmsrvc - ok
13:15:11.0625 3840 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:15:11.0828 3840 Modem - ok
13:15:11.0875 3840 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:15:12.0078 3840 Mouclass - ok
13:15:12.0125 3840 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:15:12.0328 3840 mouhid - ok
13:15:12.0390 3840 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:15:12.0562 3840 MountMgr - ok
13:15:12.0640 3840 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:15:12.0750 3840 MozillaMaintenance - ok
13:15:12.0781 3840 mraid35x - ok
13:15:12.0828 3840 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:15:13.0062 3840 MRxDAV - ok
13:15:13.0125 3840 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:15:13.0171 3840 MRxSmb - ok
13:15:13.0218 3840 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:15:13.0390 3840 MSDTC - ok
13:15:13.0437 3840 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:15:13.0625 3840 Msfs - ok
13:15:13.0640 3840 MSIServer - ok
13:15:13.0687 3840 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:15:13.0875 3840 MSKSSRV - ok
13:15:13.0906 3840 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:15:14.0078 3840 MSPCLOCK - ok
13:15:14.0093 3840 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:15:14.0250 3840 MSPQM - ok
13:15:14.0312 3840 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:15:14.0406 3840 mssmbios - ok
13:15:14.0484 3840 [ ADBCCF288EA19728E689028C93309A6F ] MTXPAR C:\WINDOWS\system32\DRIVERS\MTXPARM.sys
13:15:14.0703 3840 MTXPAR - ok
13:15:14.0750 3840 [ 6DDA78A0BE692B61B668FAB860F276CF ] MTXPARH C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys
13:15:15.0015 3840 MTXPARH - ok
13:15:15.0046 3840 [ DBE7C0888FEF6AA35A235AB63CA4339B ] Mtxparmx C:\WINDOWS\system32\DRIVERS\Mtxparmx.sys
13:15:15.0156 3840 Mtxparmx - ok
13:15:15.0203 3840 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:15:15.0234 3840 Mup - ok
13:15:15.0281 3840 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
13:15:15.0500 3840 napagent - ok
13:15:15.0625 3840 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
13:15:15.0843 3840 NBService - ok
13:15:15.0906 3840 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:15:16.0281 3840 NDIS - ok
13:15:16.0328 3840 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:15:16.0375 3840 NdisTapi - ok
13:15:16.0406 3840 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:15:16.0500 3840 Ndisuio - ok
13:15:16.0531 3840 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:15:16.0734 3840 NdisWan - ok
13:15:16.0765 3840 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:15:16.0812 3840 NDProxy - ok
13:15:16.0859 3840 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:15:17.0031 3840 NetBIOS - ok
13:15:17.0078 3840 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:15:17.0296 3840 NetBT - ok
13:15:17.0343 3840 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
13:15:17.0546 3840 NetDDE - ok
13:15:17.0578 3840 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:15:17.0671 3840 NetDDEdsdm - ok
13:15:17.0703 3840 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:15:17.0828 3840 Netlogon - ok
13:15:17.0875 3840 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
13:15:17.0968 3840 Netman - ok
13:15:18.0031 3840 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:15:18.0125 3840 NetTcpPortSharing - ok
13:15:18.0187 3840 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:15:18.0281 3840 NIC1394 - ok
13:15:18.0328 3840 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
13:15:18.0375 3840 Nla - ok
13:15:18.0453 3840 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
13:15:18.0640 3840 NMIndexingService - ok
13:15:18.0671 3840 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:15:18.0859 3840 Npfs - ok
13:15:18.0875 3840 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:15:19.0125 3840 Ntfs - ok
13:15:19.0156 3840 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:15:19.0250 3840 NtLmSsp - ok
13:15:19.0312 3840 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:15:19.0671 3840 NtmsSvc - ok
13:15:19.0703 3840 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:15:19.0828 3840 Null - ok
13:15:19.0875 3840 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:15:20.0046 3840 NwlnkFlt - ok
13:15:20.0078 3840 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:15:20.0250 3840 NwlnkFwd - ok
13:15:20.0296 3840 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:15:20.0390 3840 ohci1394 - ok
13:15:20.0453 3840 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
13:15:20.0578 3840 ose - ok
13:15:20.0609 3840 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:15:20.0703 3840 Parport - ok
13:15:20.0734 3840 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:15:20.0921 3840 PartMgr - ok
13:15:20.0968 3840 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:15:21.0140 3840 ParVdm - ok
13:15:21.0156 3840 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:15:21.0343 3840 PCI - ok
13:15:21.0390 3840 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:15:21.0546 3840 PCIIde - ok
13:15:21.0578 3840 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:15:21.0781 3840 Pcmcia - ok
13:15:21.0796 3840 perc2 - ok
13:15:21.0843 3840 perc2hib - ok
13:15:21.0937 3840 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
13:15:21.0968 3840 PlugPlay - ok
13:15:21.0984 3840 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:15:22.0078 3840 PolicyAgent - ok
13:15:22.0140 3840 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:15:22.0296 3840 PptpMiniport - ok
13:15:22.0328 3840 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:15:22.0421 3840 ProtectedStorage - ok
13:15:22.0453 3840 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:15:22.0656 3840 PSched - ok
13:15:22.0687 3840 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:15:22.0859 3840 Ptilink - ok
13:15:22.0875 3840 ql1080 - ok
13:15:22.0921 3840 Ql10wnt - ok
13:15:22.0937 3840 ql12160 - ok
13:15:22.0968 3840 ql1240 - ok
13:15:23.0015 3840 ql1280 - ok
13:15:23.0046 3840 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:15:23.0218 3840 RasAcd - ok
13:15:23.0265 3840 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:15:23.0468 3840 RasAuto - ok
13:15:23.0500 3840 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:15:23.0671 3840 Rasl2tp - ok
13:15:23.0703 3840 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:15:23.0812 3840 RasMan - ok
13:15:23.0828 3840 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:15:24.0000 3840 RasPppoe - ok
13:15:24.0015 3840 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:15:24.0187 3840 Raspti - ok
13:15:24.0234 3840 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:15:24.0468 3840 Rdbss - ok
13:15:24.0500 3840 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:15:24.0656 3840 RDPCDD - ok
13:15:24.0703 3840 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:15:24.0937 3840 rdpdr - ok
13:15:25.0000 3840 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:15:25.0031 3840 RDPWD - ok
13:15:25.0078 3840 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:15:25.0281 3840 RDSessMgr - ok
13:15:25.0312 3840 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:15:25.0531 3840 redbook - ok
13:15:25.0578 3840 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:15:25.0765 3840 RemoteAccess - ok
13:15:25.0796 3840 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:15:25.0984 3840 RemoteRegistry - ok
13:15:26.0000 3840 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:15:26.0203 3840 RFCOMM - ok
13:15:26.0250 3840 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
13:15:26.0421 3840 ROOTMODEM - ok
13:15:26.0468 3840 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:15:26.0640 3840 RpcLocator - ok
13:15:26.0687 3840 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:15:26.0718 3840 RpcSs - ok
13:15:26.0750 3840 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:15:26.0921 3840 RSVP - ok
13:15:26.0953 3840 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
13:15:27.0046 3840 SamSs - ok
13:15:27.0125 3840 [ CA57D847403633D0D97114071B59C2B2 ] SbieDrv C:\Programme\Sandboxie\SbieDrv.sys
13:15:27.0140 3840 SbieDrv - ok
13:15:27.0171 3840 [ 5CC11034A2E22DFF623BC922090AEBAB ] SbieSvc C:\Programme\Sandboxie\SbieSvc.exe
13:15:27.0187 3840 SbieSvc - ok
13:15:27.0234 3840 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
13:15:27.0437 3840 sbp2port - ok
13:15:27.0484 3840 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:15:27.0593 3840 SCardSvr - ok
13:15:27.0656 3840 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:15:27.0765 3840 Schedule - ok
13:15:27.0828 3840 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:15:27.0968 3840 Secdrv - ok
13:15:28.0015 3840 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
13:15:28.0109 3840 seclogon - ok
13:15:28.0140 3840 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
13:15:28.0250 3840 SENS - ok
13:15:28.0281 3840 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:15:28.0500 3840 serenum - ok
13:15:28.0531 3840 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:15:28.0734 3840 Serial - ok
13:15:28.0843 3840 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:15:29.0031 3840 Sfloppy - ok
13:15:29.0078 3840 [ 76BD55922B3179FA7B5BD528839E6FB4 ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
13:15:29.0203 3840 sfng32 - ok
13:15:29.0250 3840 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:15:29.0375 3840 SharedAccess - ok
13:15:29.0406 3840 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:15:29.0437 3840 ShellHWDetection - ok
13:15:29.0468 3840 Simbad - ok
13:15:29.0531 3840 [ 13D149D7114A72DACE8464B8464B7767 ] SMBios C:\WINDOWS\system32\DRIVERS\SMBios.sys
13:15:29.0640 3840 SMBios ( UnsignedFile.Multi.Generic ) - warning
13:15:29.0640 3840 SMBios - detected UnsignedFile.Multi.Generic (1)
13:15:29.0687 3840 Sparrow - ok
13:15:29.0734 3840 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:15:29.0843 3840 splitter - ok
13:15:29.0890 3840 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:15:29.0937 3840 Spooler - ok
13:15:30.0000 3840 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
13:15:30.0000 3840 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
13:15:30.0000 3840 sptd ( LockedFile.Multi.Generic ) - warning
13:15:30.0000 3840 sptd - detected LockedFile.Multi.Generic (1)
13:15:30.0031 3840 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:15:30.0203 3840 sr - ok
13:15:30.0265 3840 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
13:15:30.0343 3840 srservice - ok
13:15:30.0375 3840 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:15:30.0421 3840 Srv - ok
13:15:30.0453 3840 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:15:30.0546 3840 SSDPSRV - ok
13:15:30.0578 3840 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
13:15:30.0718 3840 ss_bus - ok
13:15:30.0765 3840 [ 4450BC0B2E9D7D9B90E3C3DE4EA00A78 ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
13:15:30.0859 3840 ss_mdfl - ok
13:15:30.0906 3840 [ 30B8D0DD01EAD1243F329CAF7D7D1517 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
13:15:31.0031 3840 ss_mdm - ok
13:15:31.0062 3840 [ B5FE66D088A74E7ADC8263519643B45D ] STacSV C:\WINDOWS\system32\STacSV.exe
13:15:31.0093 3840 STacSV ( UnsignedFile.Multi.Generic ) - warning
13:15:31.0093 3840 STacSV - detected UnsignedFile.Multi.Generic (1)
13:15:31.0203 3840 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
13:15:31.0234 3840 StarMoney 8.0 OnlineUpdate - ok
13:15:31.0312 3840 [ 527FD7D6919734C2A61C8AA3D5740E61 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:15:31.0500 3840 STHDA - ok
13:15:31.0562 3840 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:15:31.0671 3840 stisvc - ok
13:15:31.0734 3840 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:15:31.0890 3840 swenum - ok
13:15:31.0921 3840 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:15:32.0015 3840 swmidi - ok
13:15:32.0046 3840 SwPrv - ok
13:15:32.0109 3840 symc810 - ok
13:15:32.0140 3840 symc8xx - ok
13:15:32.0187 3840 sym_hi - ok
13:15:32.0218 3840 sym_u3 - ok
13:15:32.0281 3840 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:15:32.0375 3840 sysaudio - ok
13:15:32.0421 3840 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:15:32.0625 3840 SysmonLog - ok
13:15:32.0687 3840 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:15:32.0796 3840 TapiSrv - ok
13:15:32.0843 3840 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:15:32.0890 3840 Tcpip - ok
13:15:32.0937 3840 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:15:33.0109 3840 TDPIPE - ok
13:15:33.0140 3840 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:15:33.0328 3840 TDTCP - ok
13:15:33.0359 3840 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:15:33.0578 3840 TermDD - ok
13:15:33.0625 3840 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
13:15:33.0734 3840 TermService - ok
13:15:33.0765 3840 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:15:33.0796 3840 Themes - ok
13:15:33.0843 3840 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:15:33.0859 3840 tifsfilter - ok
13:15:33.0921 3840 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:15:34.0078 3840 TlntSvr - ok
13:15:34.0156 3840 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
13:15:34.0281 3840 TomTomHOMEService - ok
13:15:34.0312 3840 TosIde - ok
13:15:34.0375 3840 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:15:34.0484 3840 TrkWks - ok
13:15:34.0546 3840 [ 9016639C71328E4667D06119937AA20A ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
13:15:34.0687 3840 trufos - ok
13:15:34.0750 3840 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:15:34.0937 3840 Udfs - ok
13:15:34.0984 3840 ultra - ok
13:15:35.0046 3840 [ 5A5BD0F66E84EB039CB227520D49908C ] UltraMonUtility C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
13:15:35.0062 3840 UltraMonUtility - ok
13:15:35.0125 3840 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys
13:15:35.0187 3840 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:15:35.0187 3840 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:15:35.0250 3840 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:15:35.0453 3840 Update - ok
13:15:35.0562 3840 [ 3CC00597A30B23757AA23CB677918BEF ] Update Server C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
13:15:35.0671 3840 Update Server - ok
13:15:35.0765 3840 [ 03579BEC2E930B92EFD6D4E7F899CFF5 ] UPDATESRV C:\Programme\Bitdefender\Bitdefender 2012\updatesrv.exe
13:15:35.0781 3840 UPDATESRV - ok
13:15:35.0812 3840 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:15:36.0015 3840 upnphost - ok
13:15:36.0046 3840 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
13:15:36.0203 3840 UPS - ok
13:15:36.0265 3840 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:15:36.0484 3840 usbccgp - ok
13:15:36.0515 3840 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:15:36.0671 3840 usbehci - ok
13:15:36.0718 3840 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:15:36.0921 3840 usbhub - ok
13:15:36.0968 3840 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:15:37.0171 3840 usbprint - ok
13:15:37.0203 3840 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:15:37.0406 3840 usbscan - ok
13:15:37.0453 3840 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:15:37.0656 3840 usbstor - ok
13:15:37.0687 3840 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:15:37.0843 3840 usbuhci - ok
13:15:37.0890 3840 [ 51750B0539986186C6931FC40D171521 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
13:15:38.0015 3840 VComm - ok
13:15:38.0046 3840 [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
13:15:38.0171 3840 VcommMgr - ok
13:15:38.0203 3840 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:15:38.0375 3840 VgaSave - ok
13:15:38.0390 3840 ViaIde - ok
13:15:38.0453 3840 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:15:38.0656 3840 VolSnap - ok
13:15:38.0718 3840 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
13:15:38.0906 3840 VSS - ok
13:15:38.0937 3840 vsserv - ok
13:15:39.0000 3840 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
13:15:39.0093 3840 W32Time - ok
13:15:39.0140 3840 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:15:39.0312 3840 Wanarp - ok
13:15:39.0406 3840 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:15:39.0562 3840 Wdf01000 - ok
13:15:39.0625 3840 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:15:39.0718 3840 wdmaud - ok
13:15:39.0765 3840 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:15:39.0953 3840 WebClient - ok
13:15:40.0062 3840 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:15:40.0156 3840 winmgmt - ok
13:15:40.0218 3840 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:15:40.0453 3840 WinRM - ok
13:15:40.0531 3840 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:15:40.0625 3840 WmdmPmSN - ok
13:15:40.0703 3840 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:15:40.0750 3840 Wmi - ok
13:15:40.0812 3840 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:15:40.0906 3840 WmiApSrv - ok
13:15:40.0984 3840 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
13:15:41.0171 3840 WMPNetworkSvc - ok
13:15:41.0281 3840 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:15:41.0437 3840 WPFFontCache_v0400 - ok
13:15:41.0500 3840 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:15:41.0609 3840 wscsvc - ok
13:15:41.0625 3840 WSearch - ok
13:15:41.0703 3840 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:15:41.0812 3840 wuauserv - ok
13:15:41.0859 3840 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:15:41.0984 3840 WudfPf - ok
13:15:42.0031 3840 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:15:42.0156 3840 WudfRd - ok
13:15:42.0187 3840 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:15:42.0281 3840 WudfSvc - ok
13:15:42.0343 3840 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:15:42.0468 3840 WZCSVC - ok
13:15:42.0515 3840 [ B9DFF9491CABBD3D2E00A350FDB4F44E ] X-Rite C:\WINDOWS\system32\DRIVERS\XrUsb.sys
13:15:42.0609 3840 X-Rite ( UnsignedFile.Multi.Generic ) - warning
13:15:42.0609 3840 X-Rite - detected UnsignedFile.Multi.Generic (1)
13:15:42.0640 3840 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:15:42.0843 3840 xmlprov - ok
13:15:42.0890 3840 ================ Scan global ===============================
13:15:42.0921 3840 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
13:15:42.0953 3840 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:15:42.0984 3840 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:15:43.0015 3840 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
13:15:43.0015 3840 [Global] - ok
13:15:43.0015 3840 ================ Scan MBR ==================================
13:15:43.0046 3840 [ 5F8B5082F3482CC06B72EC5806598AE9 ] \Device\Harddisk0\DR0
13:15:43.0218 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:15:43.0218 3840 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:15:43.0234 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:15:43.0296 3840 \Device\Harddisk1\DR1 - ok
13:15:43.0328 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
13:15:43.0421 3840 \Device\Harddisk2\DR2 - ok
13:15:43.0453 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
13:15:43.0718 3840 \Device\Harddisk3\DR3 - ok
13:15:43.0750 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4
13:15:43.0828 3840 \Device\Harddisk4\DR4 - ok
13:15:43.0843 3840 ================ Scan VBR ==================================
13:15:43.0859 3840 [ 0DE13D75B8D92A1F0D76A34C90479297 ] \Device\Harddisk0\DR0\Partition1
13:15:43.0859 3840 \Device\Harddisk0\DR0\Partition1 - ok
13:15:43.0890 3840 [ EA2D5BBE2FC8510EA0151BFFC21DD67C ] \Device\Harddisk1\DR1\Partition1
13:15:43.0890 3840 \Device\Harddisk1\DR1\Partition1 - ok
13:15:43.0921 3840 [ 80C5082430AE64500127373FDD5F2530 ] \Device\Harddisk2\DR2\Partition1
13:15:43.0921 3840 \Device\Harddisk2\DR2\Partition1 - ok
13:15:43.0953 3840 [ 504ADF1749DD81F8573376F09089179F ] \Device\Harddisk3\DR3\Partition1
13:15:43.0953 3840 \Device\Harddisk3\DR3\Partition1 - ok
13:15:43.0984 3840 [ 5A64A021FF7592B12EA3ECD254375F24 ] \Device\Harddisk4\DR4\Partition1
13:15:43.0984 3840 \Device\Harddisk4\DR4\Partition1 - ok
13:15:44.0000 3840 ============================================================
13:15:44.0000 3840 Scan finished
13:15:44.0000 3840 ============================================================
13:15:44.0140 2276 Detected object count: 10
13:15:44.0140 2276 Actual detected object count: 10
13:16:38.0640 2276 ATMsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:38.0640 2276 ATMsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:38.0640 2276 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:38.0640 2276 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:38.0656 2276 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:38.0656 2276 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:38.0656 2276 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:38.0656 2276 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:38.0656 2276 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:38.0656 2276 SMBios ( UnsignedFile.Multi.Generic ) - User Select Action: Skip
13:16:38.0656 2276 sptd ( LockedFile.Multi.Generic ) - skipped by User
13:16:38.0656 2276 sptd ( LockedFile.Multi.Generic ) - User Select Action: Skip
13:16:38.0671 2276 STacSV ( UnsignedFile.Multi.Generic ) - skipped by User
13:16:38.0671 2276 STacSV ( UnsignedFile.Multi.Generic ) - User Select Action: Skip
13:16:38.0671 2276 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by User
13:16:38.0671 2276 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User Select Action: Skip
13:16:38.0671 2276 X-Rite ( UnsignedFile.Multi.Generic ) - skipped by User
13:16:38.0671 2276 X-Rite ( UnsignedFile.Multi.Generic ) - User Select Action: Skip
13:16:38.0687 2276 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by User
13:16:38.0687 2276 \Device\Harddisk0\DR0 ( TDSS File System ) - User Select Action: Skip
|
|
08.03.2013, 15:40
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-AuslastungCode:
ATTFilter \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by User
Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.03.2013, 17:15
| #15 |
| | Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-AuslastungCode:
ATTFilter 16:06:11.0718 2884 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:06:12.0078 2884 ============================================================
16:06:12.0078 2884 Current date / time: 2013/03/08 16:06:12.0078
16:06:12.0078 2884 SystemInfo:
16:06:12.0078 2884
16:06:12.0078 2884 OS Version: 5.1.2600 ServicePack: 3.0
16:06:12.0078 2884 Product type: Workstation
16:06:12.0078 2884 ComputerName: SACHFACH
16:06:12.0078 2884 UserName: Gerhard Admin
16:06:12.0078 2884 Windows directory: C:\WINDOWS
16:06:12.0078 2884 System windows directory: C:\WINDOWS
16:06:12.0078 2884 Processor architecture: Intel x86
16:06:12.0078 2884 Number of processors: 2
16:06:12.0078 2884 Page size: 0x1000
16:06:12.0078 2884 Boot type: Normal boot
16:06:12.0078 2884 ============================================================
16:06:13.0578 2884 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
16:06:13.0593 2884 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
16:06:13.0593 2884 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
16:06:13.0625 2884 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
16:06:13.0640 2884 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‚K0‘, Flags 0x00000054
16:06:13.0656 2884 ============================================================
16:06:13.0656 2884 \Device\Harddisk0\DR0:
16:06:13.0656 2884 MBR partitions:
16:06:13.0656 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:06:13.0656 2884 \Device\Harddisk1\DR1:
16:06:13.0671 2884 MBR partitions:
16:06:13.0671 2884 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:06:13.0671 2884 \Device\Harddisk2\DR2:
16:06:13.0671 2884 MBR partitions:
16:06:13.0671 2884 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:06:13.0671 2884 \Device\Harddisk3\DR3:
16:06:13.0671 2884 MBR partitions:
16:06:13.0671 2884 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:06:13.0671 2884 \Device\Harddisk4\DR4:
16:06:13.0687 2884 MBR partitions:
16:06:13.0687 2884 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:06:13.0687 2884 ============================================================
16:06:13.0703 2884 D: <-> \Device\Harddisk1\DR1\Partition1
16:06:13.0718 2884 E: <-> \Device\Harddisk2\DR2\Partition1
16:06:13.0734 2884 G: <-> \Device\Harddisk4\DR4\Partition1
16:06:13.0765 2884 F: <-> \Device\Harddisk3\DR3\Partition1
16:06:13.0828 2884 C: <-> \Device\Harddisk0\DR0\Partition1
16:06:13.0828 2884 ============================================================
16:06:13.0828 2884 Initialize success
16:06:13.0828 2884 ============================================================
16:06:26.0328 3628 ============================================================
16:06:26.0328 3628 Scan started
16:06:26.0328 3628 Mode: Manual; SigCheck; TDLFS;
16:06:26.0328 3628 ============================================================
16:06:27.0140 3628 ================ Scan system memory ========================
16:06:27.0156 3628 System memory - ok
16:06:27.0171 3628 ================ Scan services =============================
16:06:27.0437 3628 Abiosdsk - ok
16:06:27.0500 3628 abp480n5 - ok
16:06:27.0640 3628 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:06:37.0968 3628 ACPI - ok
16:06:38.0031 3628 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:06:46.0093 3628 ACPIEC - ok
16:06:46.0234 3628 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:47.0078 3628 AdobeFlashPlayerUpdateSvc - ok
16:06:47.0156 3628 adpu160m - ok
16:06:47.0265 3628 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:06:54.0968 3628 aec - ok
16:06:55.0062 3628 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:06:55.0328 3628 AFD - ok
16:06:55.0406 3628 Aha154x - ok
16:06:55.0453 3628 aic78u2 - ok
16:06:55.0546 3628 aic78xx - ok
16:06:55.0656 3628 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:07:03.0328 3628 Alerter - ok
16:07:03.0375 3628 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
16:07:07.0921 3628 ALG - ok
16:07:08.0000 3628 AliIde - ok
16:07:08.0078 3628 amsint - ok
16:07:08.0187 3628 [ FB20F6220BCBBD6A4F870D4BF83BC12B ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:07:10.0171 3628 AnyDVD - ok
16:07:10.0250 3628 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:07:14.0859 3628 AppMgmt - ok
16:07:14.0984 3628 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:07:24.0328 3628 Arp1394 - ok
16:07:24.0437 3628 asc - ok
16:07:24.0546 3628 asc3350p - ok
16:07:24.0625 3628 asc3550 - ok
16:07:25.0125 3628 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:07:26.0078 3628 aspnet_state - ok
16:07:26.0156 3628 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:07:34.0421 3628 AsyncMac - ok
16:07:34.0515 3628 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:07:42.0828 3628 atapi - ok
16:07:42.0906 3628 Atdisk - ok
16:07:43.0031 3628 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:07:51.0937 3628 Atmarpc - ok
16:07:52.0140 3628 [ 523CA82A8810F4354E6425406AFBC130 ] ATMsrvc C:\WINDOWS\System32\ATMsrvc.exe
16:07:52.0203 3628 ATMsrvc ( UnsignedFile.Multi.Generic ) - warning
16:07:52.0203 3628 ATMsrvc - detected UnsignedFile.Multi.Generic (1)
16:07:52.0343 3628 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:08:00.0875 3628 AudioSrv - ok
16:08:00.0968 3628 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:08:09.0046 3628 audstub - ok
16:08:09.0156 3628 [ 9AD5AA947569DB289CE81B1B1D47BA00 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
16:08:12.0468 3628 avc3 - ok
16:08:12.0921 3628 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
16:08:14.0062 3628 avchv - ok
16:08:14.0171 3628 [ 44A93102C687D6A491902F52B60CD4D2 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
16:08:15.0453 3628 avckf - ok
16:08:15.0562 3628 [ 0BCB6B3DF2E248C8E8F2FFC6F58D1341 ] AVMCOWAN C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
16:08:20.0562 3628 AVMCOWAN - ok
16:08:20.0718 3628 [ C997AF59C54D69232FB7BBEA4DAD86E2 ] AVMWAN C:\WINDOWS\system32\DRIVERS\avmwan.sys
16:08:30.0500 3628 AVMWAN - ok
16:08:30.0640 3628 [ 5EF7AC38B4A7DC80860D7FFAFAC78C36 ] bdfsfltr C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
16:08:31.0859 3628 bdfsfltr - ok
16:08:32.0406 3628 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Firewall\bdftdif.sys
16:08:33.0281 3628 bdftdif - ok
16:08:33.0359 3628 [ E260C0079B5C1107B87E98F356292004 ] bdsandbox C:\WINDOWS\system32\drivers\bdsandbox.sys
16:08:34.0156 3628 bdsandbox - ok
16:08:34.0296 3628 [ A9A33963C8358979827D1A75B20C0423 ] bdselfpr C:\Programme\Bitdefender\Bitdefender 2012\bdselfpr.sys
16:08:35.0406 3628 bdselfpr - ok
16:08:35.0484 3628 [ 375CD0B9F433465EC6F50D4DF44E9448 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
16:08:36.0375 3628 BDVEDISK - ok
16:08:36.0468 3628 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:08:44.0890 3628 Beep - ok
16:08:44.0984 3628 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
16:08:54.0343 3628 BITS - ok
16:08:54.0453 3628 [ 852A1BD08E7DFEB9E30B5440881C0501 ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
16:08:55.0265 3628 BlueletAudio - ok
16:08:55.0359 3628 [ 8FC27B12A02B43947787F0EF1885DF9B ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
16:08:56.0156 3628 BlueletSCOAudio - ok
16:08:56.0234 3628 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
16:08:56.0859 3628 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
16:08:56.0859 3628 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
16:08:56.0984 3628 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
16:08:57.0343 3628 Browser - ok
16:08:57.0421 3628 [ C5CCE2B26F73F8CF7F3C82159E79AA08 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
16:08:58.0265 3628 BT - ok
16:08:58.0359 3628 [ DA473D279420234170DA795F1CAD4479 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
16:08:59.0296 3628 Btcsrusb - ok
16:08:59.0375 3628 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:09:07.0343 3628 BthEnum - ok
16:09:07.0437 3628 [ CE643D0918123D76A5CAAB008FCA9663 ] BTHidEnum C:\WINDOWS\system32\Drivers\vbtenum.sys
16:09:08.0343 3628 BTHidEnum - ok
16:09:08.0421 3628 [ DFCA4FE4C8AEC786B4D0F432EB730F48 ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
16:09:09.0296 3628 BTHidMgr - ok
16:09:09.0375 3628 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
16:09:17.0125 3628 BTHMODEM - ok
16:09:17.0203 3628 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:09:24.0968 3628 BthPan - ok
16:09:25.0062 3628 [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
16:09:25.0421 3628 BTHPORT - ok
16:09:25.0515 3628 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINDOWS\System32\bthserv.dll
16:09:33.0515 3628 BthServ - ok
16:09:33.0609 3628 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:09:42.0453 3628 BTHUSB - ok
16:09:42.0546 3628 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:09:51.0375 3628 cbidf2k - ok
16:09:51.0453 3628 cd20xrnt - ok
16:09:51.0562 3628 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:09:59.0875 3628 Cdaudio - ok
16:09:59.0984 3628 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:10:08.0343 3628 Cdfs - ok
16:10:08.0437 3628 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:10:16.0453 3628 Cdrom - ok
16:10:16.0593 3628 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:10:25.0671 3628 CiSvc - ok
16:10:25.0828 3628 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:10:35.0656 3628 ClipSrv - ok
16:10:35.0828 3628 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:36.0718 3628 clr_optimization_v2.0.50727_32 - ok
16:10:36.0890 3628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:37.0609 3628 clr_optimization_v4.0.30319_32 - ok
16:10:37.0687 3628 CmdIde - ok
16:10:37.0875 3628 COMSysApp - ok
16:10:38.0109 3628 Cpqarray - ok
16:10:38.0218 3628 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Programme\SystemRequirementsLab\cpudrv.sys
16:10:39.0093 3628 cpudrv - ok
16:10:39.0265 3628 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:10:47.0953 3628 CryptSvc - ok
16:10:48.0093 3628 [ 0284C94FC495D8D08DF24C18994C1662 ] cxbu0wdm C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
16:10:48.0531 3628 cxbu0wdm - ok
16:10:48.0609 3628 dac2w2k - ok
16:10:48.0703 3628 dac960nt - ok
16:10:48.0843 3628 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:10:49.0218 3628 DcomLaunch - ok
16:10:49.0296 3628 dgderdrv - ok
16:10:49.0421 3628 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:10:59.0000 3628 Dhcp - ok
16:10:59.0125 3628 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:11:08.0875 3628 Disk - ok
16:11:08.0984 3628 dmadmin - ok
16:11:09.0109 3628 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:11:19.0046 3628 dmboot - ok
16:11:19.0187 3628 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:11:28.0421 3628 dmio - ok
16:11:28.0531 3628 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:11:38.0328 3628 dmload - ok
16:11:38.0421 3628 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:11:47.0906 3628 dmserver - ok
16:11:48.0015 3628 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:11:56.0656 3628 DMusic - ok
16:11:56.0765 3628 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:11:57.0078 3628 Dnscache - ok
16:11:57.0187 3628 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:12:05.0515 3628 Dot3svc - ok
16:12:05.0578 3628 dpti2o - ok
16:12:05.0703 3628 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:12:13.0343 3628 drmkaud - ok
16:12:13.0437 3628 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:12:14.0265 3628 e1express - ok
16:12:14.0343 3628 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:12:21.0953 3628 EapHost - ok
16:12:22.0046 3628 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\drivers\ElbyCDFL.sys
16:12:22.0906 3628 ElbyCDFL - ok
16:12:22.0984 3628 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:12:23.0828 3628 ElbyCDIO - ok
16:12:23.0906 3628 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:12:31.0500 3628 ERSvc - ok
16:12:31.0625 3628 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
16:12:31.0906 3628 Eventlog - ok
16:12:31.0968 3628 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
16:12:32.0234 3628 EventSystem - ok
16:12:32.0312 3628 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:12:39.0875 3628 Fastfat - ok
16:12:39.0968 3628 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:12:40.0234 3628 FastUserSwitchingCompatibility - ok
16:12:40.0312 3628 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:12:47.0890 3628 Fdc - ok
16:12:47.0968 3628 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:12:55.0609 3628 Fips - ok
16:12:55.0750 3628 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:12:55.0937 3628 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:12:55.0937 3628 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:12:56.0015 3628 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:13:03.0609 3628 Flpydisk - ok
16:13:03.0703 3628 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:13:11.0453 3628 FltMgr - ok
16:13:11.0562 3628 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:13:12.0437 3628 FontCache3.0.0.0 - ok
16:13:12.0578 3628 [ 25BAA9E7E21CA204B3202637C4F0D44E ] fpcibase C:\WINDOWS\system32\DRIVERS\fpcibase.sys
16:13:15.0875 3628 fpcibase - ok
16:13:15.0968 3628 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
16:13:16.0093 3628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
16:13:16.0093 3628 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
16:13:16.0187 3628 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:13:23.0859 3628 Fs_Rec - ok
16:13:23.0937 3628 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:13:31.0578 3628 Ftdisk - ok
16:13:31.0687 3628 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:13:39.0312 3628 Gpc - ok
16:13:39.0421 3628 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
16:13:40.0156 3628 gupdate - ok
16:13:40.0218 3628 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
16:13:40.0781 3628 gupdatem - ok
16:13:40.0875 3628 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:13:48.0437 3628 HDAudBus - ok
16:13:48.0531 3628 [ CC2C8C23417CC7DDF5EDDB17E60A14DB ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
16:13:48.0765 3628 HECI - ok
16:13:48.0890 3628 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:13:56.0453 3628 helpsvc - ok
16:13:56.0546 3628 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
16:14:04.0109 3628 HidServ - ok
16:14:04.0218 3628 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:14:11.0843 3628 hidusb - ok
16:14:11.0937 3628 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:14:19.0734 3628 hkmsvc - ok
16:14:19.0812 3628 hpn - ok
16:14:19.0921 3628 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:14:20.0187 3628 HTTP - ok
16:14:20.0281 3628 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:14:27.0890 3628 HTTPFilter - ok
16:14:27.0953 3628 i2omp - ok
16:14:28.0062 3628 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
16:14:35.0718 3628 i8042prt - ok
16:14:35.0843 3628 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:14:36.0734 3628 idsvc - ok
16:14:36.0843 3628 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:14:44.0390 3628 Imapi - ok
16:14:44.0515 3628 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
16:14:52.0093 3628 ImapiService - ok
16:14:52.0187 3628 ini910u - ok
16:14:52.0312 3628 IntelIde - ok
16:14:52.0437 3628 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:15:00.0031 3628 intelppm - ok
16:15:00.0109 3628 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:15:07.0734 3628 Ip6Fw - ok
16:15:07.0828 3628 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:15:15.0453 3628 IpFilterDriver - ok
16:15:15.0531 3628 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:15:23.0140 3628 IpInIp - ok
16:15:23.0250 3628 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:15:30.0812 3628 IpNat - ok
16:15:30.0890 3628 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:15:38.0546 3628 IPSec - ok
16:15:38.0640 3628 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:15:43.0187 3628 IRENUM - ok
16:15:43.0296 3628 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:15:51.0000 3628 isapnp - ok
16:15:51.0156 3628 [ 1758AF653723679E3746FC7DDD93C69B ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
16:15:51.0796 3628 JavaQuickStarterService - ok
16:15:51.0890 3628 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:15:59.0609 3628 Kbdclass - ok
16:15:59.0671 3628 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:16:07.0312 3628 kbdhid - ok
16:16:07.0406 3628 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:16:14.0984 3628 kmixer - ok
16:16:15.0078 3628 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:16:15.0375 3628 KSecDD - ok
16:16:15.0484 3628 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:16:15.0703 3628 lanmanserver - ok
16:16:15.0796 3628 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:16:16.0031 3628 lanmanworkstation - ok
16:16:16.0171 3628 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:16:23.0765 3628 LmHosts - ok
16:16:23.0937 3628 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
16:16:24.0578 3628 lxeaCATSCustConnectService - ok
16:16:24.0640 3628 lxea_device - ok
16:16:24.0781 3628 [ 94EEC93B6EB1005940D0BA0B9C74E825 ] Matrox Centering Service c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
16:16:25.0390 3628 Matrox Centering Service - ok
16:16:25.0515 3628 [ AA8AB39DF2D3BD45DA961A25B1E4960E ] Matrox.Pdesk.ServicesHost c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
16:16:26.0062 3628 Matrox.Pdesk.ServicesHost - ok
16:16:26.0171 3628 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:16:33.0781 3628 Messenger - ok
16:16:33.0890 3628 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:16:41.0468 3628 mnmdd - ok
16:16:41.0562 3628 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:16:49.0234 3628 mnmsrvc - ok
16:16:49.0328 3628 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:16:56.0968 3628 Modem - ok
16:16:57.0062 3628 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:17:04.0750 3628 Mouclass - ok
16:17:04.0859 3628 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:17:12.0515 3628 mouhid - ok
16:17:12.0609 3628 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:17:20.0703 3628 MountMgr - ok
16:17:20.0796 3628 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
16:17:21.0781 3628 MozillaMaintenance - ok
16:17:21.0859 3628 mraid35x - ok
16:17:21.0953 3628 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:17:29.0656 3628 MRxDAV - ok
16:17:29.0750 3628 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:17:30.0031 3628 MRxSmb - ok
16:17:30.0125 3628 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:17:37.0843 3628 MSDTC - ok
16:17:37.0968 3628 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:17:45.0578 3628 Msfs - ok
16:17:45.0703 3628 MSIServer - ok
16:17:45.0812 3628 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:17:53.0484 3628 MSKSSRV - ok
16:17:53.0578 3628 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:18:01.0281 3628 MSPCLOCK - ok
16:18:01.0359 3628 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:18:09.0015 3628 MSPQM - ok
16:18:09.0125 3628 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:18:16.0687 3628 mssmbios - ok
16:18:16.0812 3628 [ ADBCCF288EA19728E689028C93309A6F ] MTXPAR C:\WINDOWS\system32\DRIVERS\MTXPARM.sys
16:18:17.0203 3628 MTXPAR - ok
16:18:17.0312 3628 [ 6DDA78A0BE692B61B668FAB860F276CF ] MTXPARH C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys
16:18:24.0953 3628 MTXPARH - ok
16:18:25.0046 3628 [ DBE7C0888FEF6AA35A235AB63CA4339B ] Mtxparmx C:\WINDOWS\system32\DRIVERS\Mtxparmx.sys
16:18:25.0343 3628 Mtxparmx - ok
16:18:25.0453 3628 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:18:25.0640 3628 Mup - ok
16:18:25.0750 3628 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
16:18:33.0390 3628 napagent - ok
16:18:33.0515 3628 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
16:18:34.0265 3628 NBService - ok
16:18:34.0359 3628 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:18:41.0937 3628 NDIS - ok
16:18:42.0046 3628 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:18:42.0281 3628 NdisTapi - ok
16:18:42.0359 3628 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:18:49.0953 3628 Ndisuio - ok
16:18:50.0031 3628 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:18:57.0671 3628 NdisWan - ok
16:18:57.0750 3628 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:18:58.0000 3628 NDProxy - ok
16:18:58.0093 3628 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:19:05.0671 3628 NetBIOS - ok
16:19:05.0750 3628 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:19:13.0390 3628 NetBT - ok
16:19:13.0484 3628 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
16:19:21.0203 3628 NetDDE - ok
16:19:21.0265 3628 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:19:28.0843 3628 NetDDEdsdm - ok
16:19:28.0937 3628 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:19:36.0515 3628 Netlogon - ok
16:19:36.0609 3628 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
16:19:44.0203 3628 Netman - ok
16:19:44.0312 3628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:19:44.0937 3628 NetTcpPortSharing - ok
16:19:45.0046 3628 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:19:52.0625 3628 NIC1394 - ok
16:19:52.0750 3628 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
16:19:52.0984 3628 Nla - ok
16:19:53.0078 3628 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
16:19:53.0812 3628 NMIndexingService - ok
16:19:53.0890 3628 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:20:01.0484 3628 Npfs - ok
16:20:01.0546 3628 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:20:09.0203 3628 Ntfs - ok
16:20:09.0281 3628 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:20:16.0843 3628 NtLmSsp - ok
16:20:16.0953 3628 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:20:24.0671 3628 NtmsSvc - ok
16:20:24.0750 3628 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:20:32.0359 3628 Null - ok
16:20:32.0453 3628 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:20:40.0062 3628 NwlnkFlt - ok
16:20:40.0156 3628 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:20:47.0734 3628 NwlnkFwd - ok
16:20:47.0828 3628 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:20:55.0406 3628 ohci1394 - ok
16:20:55.0500 3628 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:20:56.0250 3628 ose - ok
16:20:56.0328 3628 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:21:03.0921 3628 Parport - ok
16:21:04.0015 3628 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:21:11.0640 3628 PartMgr - ok
16:21:11.0718 3628 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:21:19.0359 3628 ParVdm - ok
16:21:19.0437 3628 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:21:27.0093 3628 PCI - ok
16:21:27.0171 3628 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:21:34.0812 3628 PCIIde - ok
16:21:34.0890 3628 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:21:42.0578 3628 Pcmcia - ok
16:21:42.0656 3628 perc2 - ok
16:21:42.0750 3628 perc2hib - ok
16:21:42.0984 3628 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
16:21:43.0265 3628 PlugPlay - ok
16:21:43.0328 3628 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:21:50.0906 3628 PolicyAgent - ok
16:21:50.0984 3628 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:21:58.0609 3628 PptpMiniport - ok
16:21:58.0671 3628 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:22:06.0265 3628 ProtectedStorage - ok
16:22:06.0328 3628 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:22:14.0015 3628 PSched - ok
16:22:14.0093 3628 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:22:21.0734 3628 Ptilink - ok
16:22:21.0781 3628 ql1080 - ok
16:22:21.0875 3628 Ql10wnt - ok
16:22:21.0984 3628 ql12160 - ok
16:22:22.0031 3628 ql1240 - ok
16:22:22.0125 3628 ql1280 - ok
16:22:22.0218 3628 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:22:29.0812 3628 RasAcd - ok
16:22:29.0921 3628 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:22:37.0640 3628 RasAuto - ok
16:22:37.0718 3628 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:22:45.0328 3628 Rasl2tp - ok
16:22:45.0421 3628 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:22:53.0015 3628 RasMan - ok
16:22:53.0093 3628 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:23:00.0734 3628 RasPppoe - ok
16:23:00.0796 3628 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:23:08.0421 3628 Raspti - ok
16:23:08.0500 3628 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:23:16.0203 3628 Rdbss - ok
16:23:16.0265 3628 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:23:23.0906 3628 RDPCDD - ok
16:23:24.0015 3628 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:23:31.0687 3628 rdpdr - ok
16:23:31.0781 3628 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:23:32.0031 3628 RDPWD - ok
16:23:32.0125 3628 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:23:39.0859 3628 RDSessMgr - ok
16:23:39.0953 3628 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:23:47.0671 3628 redbook - ok
16:23:47.0750 3628 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:23:55.0390 3628 RemoteAccess - ok
16:23:55.0484 3628 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:24:03.0156 3628 RemoteRegistry - ok
16:24:03.0250 3628 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:24:10.0937 3628 RFCOMM - ok
16:24:11.0015 3628 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
16:24:18.0656 3628 ROOTMODEM - ok
16:24:18.0734 3628 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:24:26.0375 3628 RpcLocator - ok
16:24:26.0468 3628 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:24:26.0750 3628 RpcSs - ok
16:24:26.0812 3628 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:24:34.0515 3628 RSVP - ok
16:24:34.0593 3628 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
16:24:42.0156 3628 SamSs - ok
16:24:42.0281 3628 [ CA57D847403633D0D97114071B59C2B2 ] SbieDrv C:\Programme\Sandboxie\SbieDrv.sys
16:24:43.0359 3628 SbieDrv - ok
16:24:43.0421 3628 [ 5CC11034A2E22DFF623BC922090AEBAB ] SbieSvc C:\Programme\Sandboxie\SbieSvc.exe
16:24:44.0156 3628 SbieSvc - ok
16:24:44.0265 3628 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
16:24:51.0921 3628 sbp2port - ok
16:24:52.0046 3628 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:24:59.0593 3628 SCardSvr - ok
16:24:59.0718 3628 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:25:07.0312 3628 Schedule - ok
16:25:07.0421 3628 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:25:12.0000 3628 Secdrv - ok
16:25:12.0109 3628 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
16:25:19.0687 3628 seclogon - ok
16:25:19.0750 3628 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
16:25:27.0359 3628 SENS - ok
16:25:27.0437 3628 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:25:35.0078 3628 serenum - ok
16:25:35.0171 3628 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:25:42.0843 3628 Serial - ok
16:25:43.0109 3628 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:25:50.0812 3628 Sfloppy - ok
16:25:50.0921 3628 [ 76BD55922B3179FA7B5BD528839E6FB4 ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
16:25:51.0218 3628 sfng32 - ok
16:25:51.0343 3628 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:25:58.0921 3628 SharedAccess - ok
16:25:59.0015 3628 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:25:59.0234 3628 ShellHWDetection - ok
16:25:59.0312 3628 Simbad - ok
16:25:59.0421 3628 [ 13D149D7114A72DACE8464B8464B7767 ] SMBios C:\WINDOWS\system32\DRIVERS\SMBios.sys
16:25:59.0531 3628 SMBios ( UnsignedFile.Multi.Generic ) - warning
16:25:59.0531 3628 SMBios - detected UnsignedFile.Multi.Generic (1)
16:25:59.0671 3628 Sparrow - ok
16:25:59.0781 3628 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:26:07.0343 3628 splitter - ok
16:26:07.0453 3628 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:26:07.0718 3628 Spooler - ok
16:26:07.0843 3628 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
16:26:07.0843 3628 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
16:26:07.0843 3628 sptd ( LockedFile.Multi.Generic ) - warning
16:26:07.0843 3628 sptd - detected LockedFile.Multi.Generic (1)
16:26:07.0921 3628 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:26:12.0468 3628 sr - ok
16:26:12.0562 3628 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
16:26:17.0109 3628 srservice - ok
16:26:17.0187 3628 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:26:17.0437 3628 Srv - ok
16:26:17.0546 3628 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:26:22.0062 3628 SSDPSRV - ok
16:26:22.0187 3628 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
16:26:23.0000 3628 ss_bus - ok
16:26:23.0078 3628 [ 4450BC0B2E9D7D9B90E3C3DE4EA00A78 ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
16:26:23.0796 3628 ss_mdfl - ok
16:26:23.0875 3628 [ 30B8D0DD01EAD1243F329CAF7D7D1517 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
16:26:24.0609 3628 ss_mdm - ok
16:26:24.0703 3628 [ B5FE66D088A74E7ADC8263519643B45D ] STacSV C:\WINDOWS\system32\STacSV.exe
16:26:24.0765 3628 STacSV ( UnsignedFile.Multi.Generic ) - warning
16:26:24.0765 3628 STacSV - detected UnsignedFile.Multi.Generic (1)
16:26:24.0921 3628 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
16:26:25.0578 3628 StarMoney 8.0 OnlineUpdate - ok
16:26:25.0687 3628 [ 527FD7D6919734C2A61C8AA3D5740E61 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
16:26:26.0000 3628 STHDA - ok
16:26:26.0125 3628 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:26:33.0750 3628 stisvc - ok
16:26:33.0843 3628 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:26:41.0468 3628 swenum - ok
16:26:41.0546 3628 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:26:49.0140 3628 swmidi - ok
16:26:49.0281 3628 SwPrv - ok
16:26:49.0437 3628 symc810 - ok
16:26:49.0531 3628 symc8xx - ok
16:26:49.0625 3628 sym_hi - ok
16:26:49.0718 3628 sym_u3 - ok
16:26:49.0828 3628 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:26:57.0406 3628 sysaudio - ok
16:26:57.0531 3628 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:27:05.0250 3628 SysmonLog - ok
16:27:05.0375 3628 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:27:12.0984 3628 TapiSrv - ok
16:27:13.0078 3628 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:27:13.0281 3628 Tcpip - ok
16:27:13.0390 3628 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:27:21.0046 3628 TDPIPE - ok
16:27:21.0125 3628 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:27:28.0781 3628 TDTCP - ok
16:27:28.0875 3628 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:27:36.0515 3628 TermDD - ok
16:27:36.0640 3628 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
16:27:44.0234 3628 TermService - ok
16:27:44.0312 3628 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:27:44.0531 3628 Themes - ok
16:27:44.0625 3628 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:27:45.0437 3628 tifsfilter - ok
16:27:45.0578 3628 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:27:50.0203 3628 TlntSvr - ok
16:27:50.0312 3628 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
16:27:51.0046 3628 TomTomHOMEService - ok
16:27:51.0109 3628 TosIde - ok
16:27:51.0234 3628 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:27:58.0843 3628 TrkWks - ok
16:27:58.0937 3628 [ 9016639C71328E4667D06119937AA20A ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
16:27:59.0890 3628 trufos - ok
16:28:00.0015 3628 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:28:07.0625 3628 Udfs - ok
16:28:07.0734 3628 ultra - ok
16:28:07.0843 3628 [ 5A5BD0F66E84EB039CB227520D49908C ] UltraMonUtility C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
16:28:08.0546 3628 UltraMonUtility - ok
16:28:08.0640 3628 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys
16:28:08.0734 3628 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
16:28:08.0734 3628 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
16:28:08.0859 3628 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:28:16.0484 3628 Update - ok
16:28:16.0625 3628 [ 3CC00597A30B23757AA23CB677918BEF ] Update Server C:\Programme\Gemeinsame Dateien\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
16:28:17.0625 3628 Update Server - ok
16:28:17.0734 3628 [ 03579BEC2E930B92EFD6D4E7F899CFF5 ] UPDATESRV C:\Programme\Bitdefender\Bitdefender 2012\updatesrv.exe
16:28:18.0625 3628 UPDATESRV - ok
16:28:18.0734 3628 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:28:23.0312 3628 upnphost - ok
16:28:23.0406 3628 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
16:28:31.0093 3628 UPS - ok
16:28:31.0187 3628 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:28:38.0859 3628 usbccgp - ok
16:28:38.0937 3628 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:28:46.0609 3628 usbehci - ok
16:28:46.0718 3628 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:28:54.0390 3628 usbhub - ok
16:28:54.0500 3628 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:29:02.0156 3628 usbprint - ok
16:29:02.0250 3628 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:29:09.0906 3628 usbscan - ok
16:29:10.0000 3628 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:29:17.0671 3628 usbstor - ok
16:29:17.0750 3628 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:29:25.0421 3628 usbuhci - ok
16:29:25.0515 3628 [ 51750B0539986186C6931FC40D171521 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
16:29:26.0296 3628 VComm - ok
16:29:26.0375 3628 [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
16:29:27.0093 3628 VcommMgr - ok
16:29:27.0187 3628 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:29:34.0765 3628 VgaSave - ok
16:29:34.0828 3628 ViaIde - ok
16:29:34.0906 3628 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:29:42.0562 3628 VolSnap - ok
16:29:42.0671 3628 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
16:29:47.0359 3628 VSS - ok
16:29:47.0421 3628 vsserv - ok
16:29:47.0531 3628 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
16:29:55.0156 3628 W32Time - ok
16:29:55.0265 3628 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:30:16.0181 3628 Wanarp - ok
16:30:16.0275 3628 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:30:16.0978 3628 Wdf01000 - ok
16:30:17.0072 3628 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:30:24.0650 3628 wdmaud - ok
16:30:24.0759 3628 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:30:32.0462 3628 WebClient - ok
16:30:32.0665 3628 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:30:40.0212 3628 winmgmt - ok
16:30:40.0337 3628 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:30:40.0915 3628 WinRM - ok
16:30:41.0118 3628 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:30:41.0415 3628 WmdmPmSN - ok
16:30:41.0525 3628 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:30:41.0790 3628 Wmi - ok
16:30:41.0915 3628 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:30:49.0493 3628 WmiApSrv - ok
16:30:49.0587 3628 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
16:30:50.0025 3628 WMPNetworkSvc - ok
16:30:50.0150 3628 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:30:50.0743 3628 WPFFontCache_v0400 - ok
16:30:50.0900 3628 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:30:58.0509 3628 wscsvc - ok
16:30:58.0587 3628 WSearch - ok
16:30:58.0759 3628 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:31:06.0353 3628 wuauserv - ok
16:31:06.0447 3628 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:31:06.0728 3628 WudfPf - ok
16:31:06.0822 3628 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:31:07.0025 3628 WudfRd - ok
16:31:07.0118 3628 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:31:07.0337 3628 WudfSvc - ok
16:31:07.0462 3628 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:31:15.0087 3628 WZCSVC - ok
16:31:15.0134 3628 [ B9DFF9491CABBD3D2E00A350FDB4F44E ] X-Rite C:\WINDOWS\system32\DRIVERS\XrUsb.sys
16:31:15.0228 3628 X-Rite ( UnsignedFile.Multi.Generic ) - warning
16:31:15.0228 3628 X-Rite - detected UnsignedFile.Multi.Generic (1)
16:31:15.0353 3628 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:31:23.0025 3628 xmlprov - ok
16:31:23.0150 3628 ================ Scan global ===============================
16:31:23.0212 3628 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
16:31:23.0275 3628 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
16:31:23.0384 3628 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
16:31:23.0462 3628 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
16:31:23.0493 3628 [Global] - ok
16:31:23.0493 3628 ================ Scan MBR ==================================
16:31:23.0556 3628 [ 5F8B5082F3482CC06B72EC5806598AE9 ] \Device\Harddisk0\DR0
16:31:23.0775 3628 \Device\Harddisk0\DR0 - ok
16:31:23.0822 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:31:23.0868 3628 \Device\Harddisk1\DR1 - ok
16:31:23.0915 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
16:31:23.0962 3628 \Device\Harddisk2\DR2 - ok
16:31:24.0025 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
16:31:24.0275 3628 \Device\Harddisk3\DR3 - ok
16:31:24.0322 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4
16:31:24.0384 3628 \Device\Harddisk4\DR4 - ok
16:31:24.0384 3628 ================ Scan VBR ==================================
16:31:24.0431 3628 [ 0DE13D75B8D92A1F0D76A34C90479297 ] \Device\Harddisk0\DR0\Partition1
16:31:24.0431 3628 \Device\Harddisk0\DR0\Partition1 - ok
16:31:24.0509 3628 [ EA2D5BBE2FC8510EA0151BFFC21DD67C ] \Device\Harddisk1\DR1\Partition1
16:31:24.0509 3628 \Device\Harddisk1\DR1\Partition1 - ok
16:31:24.0587 3628 [ 80C5082430AE64500127373FDD5F2530 ] \Device\Harddisk2\DR2\Partition1
16:31:24.0587 3628 \Device\Harddisk2\DR2\Partition1 - ok
16:31:24.0634 3628 [ 504ADF1749DD81F8573376F09089179F ] \Device\Harddisk3\DR3\Partition1
16:31:24.0634 3628 \Device\Harddisk3\DR3\Partition1 - ok
16:31:24.0728 3628 [ 5A64A021FF7592B12EA3ECD254375F24 ] \Device\Harddisk4\DR4\Partition1
16:31:24.0743 3628 \Device\Harddisk4\DR4\Partition1 - ok
16:31:24.0775 3628 ============================================================
16:31:24.0775 3628 Scan finished
16:31:24.0775 3628 ============================================================
16:31:24.0978 3592 Detected object count: 9
16:31:24.0978 3592 Actual detected object count: 9
17:11:42.0478 3592 ATMsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0478 3592 ATMsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0478 3592 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0478 3592 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0493 3592 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0493 3592 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0493 3592 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0493 3592 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0493 3592 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0493 3592 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0509 3592 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:11:42.0509 3592 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:11:42.0525 3592 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0525 3592 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0540 3592 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0540 3592 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:42.0556 3592 X-Rite ( UnsignedFile.Multi.Generic ) - skipped by user
17:11:42.0556 3592 X-Rite ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:12:05.0837 0708 Deinitialize success
|
|
| Themen zu Windows XP Prof SP 3 startet mit Pause, langsamer Bildaufbau, häufige CPU-Auslastung |
| auslastung, bildschirm, cpu-auslastung, definition, einiger, explorer, fujitsu, komplette, langsam, langsamer, meldung, merkwürdige, pause, platte, process, professional, rechner, schwarzer, schwarzer bildschirm, sekunden, starte, startet, system, windows, windows langsam, windows xp |
Linear-Darstellung
