
Pests of all kinds and how to combat them: Telekom Abuse Team security warning: spam mails


07.01.2015, 18:37   #1
hitboxer
 



Hello,

today I received a letter from Telekom with the subject: "Important security warning regarding your Internet access". It claims that there are indications that spam mails are being sent from this connection.

Since there are four computers and three smartphones in our household, I don't know which system these e-mails are supposed to have been sent from. Two computers run Windows and two run Mac OS X.

I hope you can help me.

Kind regards,
hitboxer

07.01.2015, 18:45   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


07.01.2015, 18:49   #3
hitboxer
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Rene (administrator) on RENE-PC on 07-01-2015 19:22:23
Running from C:\Users\Rene\Desktop
Loaded Profile: Rene (Available profiles: Rene)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1858689066-4223474752-1546550983-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-1858689066-4223474752-1546550983-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1858689066-4223474752-1546550983-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\35t07gqv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\35t07gqv.default\Extensions\abs@avira.com [2015-01-07]
FF Extension: YouTube High Definition - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\35t07gqv.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-12-01]
FF Extension: Adblock Plus - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\35t07gqv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [106608 2014-12-21] (<Turtle Entertainment>)
R3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2014-12-01] (SweetLow)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kxldrpow; \??\C:\Users\Rene\AppData\Local\Temp\kxldrpow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:22 - 2015-01-07 19:22 - 00011620 _____ () C:\Users\Rene\Desktop\FRST.txt
2015-01-07 19:21 - 2015-01-07 19:21 - 00050477 _____ () C:\Users\Rene\Desktop\Defogger.exe
2015-01-07 19:21 - 2015-01-07 19:21 - 00000470 _____ () C:\Users\Rene\Desktop\defogger_disable.log
2015-01-07 19:21 - 2015-01-07 19:21 - 00000000 _____ () C:\Users\Rene\defogger_reenable
2015-01-07 19:16 - 2015-01-07 19:17 - 00001009 _____ () C:\Users\Rene\Desktop\Neues Textdokument.txt
2015-01-07 19:16 - 2015-01-07 19:16 - 00380416 _____ () C:\Users\Rene\Desktop\Gmer-19357.exe
2015-01-07 19:12 - 2015-01-07 19:22 - 00000000 ____D () C:\FRST
2015-01-07 19:12 - 2015-01-07 19:12 - 00054454 _____ () C:\Users\Rene\Desktop\avira.txt
2015-01-07 18:45 - 2015-01-07 18:45 - 02124288 _____ (Farbar) C:\Users\Rene\Desktop\FRST64.exe
2015-01-07 18:44 - 2015-01-07 18:44 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 18:42 - 2015-01-07 18:42 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Avira
2015-01-07 18:42 - 2015-01-07 18:41 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-07 18:40 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-07 18:40 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-07 18:40 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-07 18:38 - 2015-01-07 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-07 18:38 - 2015-01-07 18:40 - 00000000 ____D () C:\ProgramData\Avira
2015-01-07 18:38 - 2015-01-07 18:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-07 18:38 - 2015-01-07 18:38 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-07 18:35 - 2015-01-07 18:35 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Rene\Desktop\avira_de_av_5767243779__ws.exe
2015-01-06 19:53 - 2015-01-06 19:53 - 00291296 _____ () C:\Windows\Minidump\010615-8860-01.dmp
2014-12-28 19:24 - 2014-12-28 19:24 - 00288139 _____ () C:\Users\Rene\Desktop\ESL.zip
2014-12-28 15:08 - 2014-12-28 15:08 - 00000727 _____ () C:\Users\Rene\Desktop\ESL Matchmedia - Verknüpfung.lnk
2014-12-28 00:37 - 2014-12-28 00:37 - 00291296 _____ () C:\Windows\Minidump\122814-8860-01.dmp
2014-12-27 15:19 - 2014-12-27 15:19 - 00000000 ____D () C:\Users\Rene\Documents\SimCity
2014-12-27 15:08 - 2014-12-27 15:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 23:06 - 2014-12-27 15:19 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Origin
2014-12-26 23:06 - 2014-12-26 23:06 - 00000000 ____D () C:\Users\Rene\AppData\Local\Origin
2014-12-26 23:02 - 2015-01-05 02:56 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 23:02 - 2014-12-27 15:19 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-26 23:02 - 2014-12-26 23:02 - 00000692 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-21 18:23 - 2014-12-21 18:23 - 00106608 _____ (<Turtle Entertainment>) C:\Windows\system32\Drivers\ESLWireACD.sys
2014-12-20 23:52 - 2012-01-25 10:54 - 00000000 ____D () C:\Users\Rene\Desktop\278992873_asd
2014-12-20 23:02 - 2014-12-20 23:02 - 02130731 _____ () C:\Users\Rene\Desktop\278992873_asd.rar
2014-12-20 10:05 - 2014-12-20 10:05 - 00291408 _____ () C:\Windows\Minidump\122014-8923-01.dmp
2014-12-18 09:08 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-18 09:08 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-18 00:31 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 00:31 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 18:10 - 2014-12-17 18:10 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Gyazo
2014-12-17 18:08 - 2014-12-17 19:08 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-12-17 18:08 - 2014-12-17 18:08 - 00003740 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-12-17 18:08 - 2014-12-17 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-12-17 07:59 - 2014-12-17 07:59 - 00010648 ____R () C:\Users\Rene\Desktop\config.cfg
2014-12-16 13:22 - 2014-12-13 06:54 - 00886784 _____ (Microsoft) C:\Users\Rene\Desktop\Matchmaking Server Picker.exe
2014-12-14 17:29 - 2014-12-14 17:29 - 00291408 _____ () C:\Windows\Minidump\121414-7753-01.dmp
2014-12-14 10:44 - 2014-12-14 10:44 - 00000000 ____D () C:\Users\Rene\AppData\Local\Blizzard
2014-12-14 10:32 - 2014-12-14 10:32 - 00000820 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-12-14 10:32 - 2014-12-14 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-12-14 10:31 - 2014-12-19 14:53 - 00000000 ____D () C:\Users\Rene\AppData\Local\Battle.net
2014-12-14 10:31 - 2014-12-14 10:31 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Battle.net
2014-12-14 10:31 - 2014-12-14 10:31 - 00000000 ____D () C:\Users\Rene\AppData\Local\Blizzard Entertainment
2014-12-14 10:31 - 2014-12-14 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-12-14 10:31 - 2014-12-14 10:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-14 10:28 - 2014-12-14 10:28 - 00000000 ____D () C:\ProgramData\Battle.net
2014-12-13 03:48 - 2014-12-28 17:36 - 00000000 ____D () C:\Users\Rene\AppData\Local\ESL Wire Game Client
2014-12-13 03:48 - 2014-12-13 03:48 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-12-13 03:48 - 2014-12-13 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-12-13 03:48 - 2014-12-13 03:48 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-12-13 03:48 - 2014-12-13 03:48 - 00000000 ____D () C:\Program Files\EslWire
2014-12-13 03:33 - 2014-12-13 03:33 - 00673797 _____ () C:\Users\Rene\Desktop\SHOX-GUI.RAR
2014-12-10 22:11 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 22:11 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 22:11 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 22:11 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 22:11 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 22:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 22:11 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 22:11 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 22:11 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 22:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 22:11 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 22:11 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 22:11 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 22:11 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 22:11 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 22:11 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 22:11 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 22:11 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 22:11 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 22:11 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 22:11 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 22:11 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 22:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 22:11 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 22:11 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 22:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 22:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 22:11 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 22:11 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 22:11 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 22:11 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 22:11 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 22:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 22:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 22:11 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 22:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 22:11 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 22:11 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 22:11 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 22:11 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 22:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 22:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 22:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 22:11 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 22:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 22:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 22:11 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 22:11 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 22:11 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 22:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 22:11 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 22:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 22:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 22:10 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 22:10 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 22:00 - 2014-12-10 22:00 - 00010524 _____ () C:\Users\Rene\Desktop\BenQ XL2420Z 120Hz.icm
2014-12-09 01:57 - 2014-12-09 01:57 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Rene-PC-Rene
2014-12-09 01:57 - 2014-12-09 01:57 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\PDAppFlex
2014-12-09 01:57 - 2014-12-09 01:57 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-09 01:53 - 2014-12-09 01:55 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-12-09 01:53 - 2014-12-09 01:53 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 01:52 - 2014-12-09 01:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 01:38 - 2014-12-09 01:38 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-09 01:38 - 2014-12-09 01:38 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:21 - 2014-12-01 13:18 - 00000000 ____D () C:\Users\Rene
2015-01-07 19:20 - 2014-12-01 13:18 - 01252140 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 19:17 - 2014-12-01 13:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-07 19:09 - 2014-12-01 13:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 19:04 - 2009-07-14 05:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 19:04 - 2009-07-14 05:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 18:44 - 2014-12-02 12:34 - 00136208 _____ () C:\Windows\DPINST.LOG
2015-01-07 18:44 - 2014-12-02 12:32 - 00000000 ____D () C:\Users\Rene\AppData\Local\Razer
2015-01-07 18:44 - 2014-12-02 12:32 - 00000000 ____D () C:\ProgramData\Razer
2015-01-07 18:44 - 2014-12-02 12:32 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-01-07 18:38 - 2014-12-01 14:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 17:54 - 2014-12-01 14:26 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\TS3Client
2015-01-07 13:10 - 2011-04-12 08:43 - 00668390 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 13:10 - 2011-04-12 08:43 - 00135202 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 13:10 - 2009-07-14 06:13 - 01539588 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 13:04 - 2014-12-06 01:09 - 00000000 ____D () C:\Users\Rene\AppData\Local\Adobe
2015-01-07 13:04 - 2014-12-01 13:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-07 13:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 13:04 - 2009-07-14 05:51 - 00042515 _____ () C:\Windows\setupact.log
2015-01-06 19:53 - 2014-12-05 20:16 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 15:07 - 2010-11-21 04:47 - 00005448 _____ () C:\Windows\PFRO.log
2014-12-26 23:47 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 07:33 - 2014-12-01 15:35 - 00052323 _____ () C:\Windows\DirectX.log
2014-12-16 11:41 - 2014-12-01 13:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 11:41 - 2014-12-01 13:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 11:41 - 2014-12-01 13:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 06:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 01:12 - 2014-12-01 13:53 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 01:12 - 2014-12-01 13:53 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-13 01:12 - 2014-12-01 13:53 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-13 01:12 - 2014-12-01 13:53 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-11 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:12 - 2014-12-01 13:28 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 22:12 - 2014-12-01 13:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 18:19 - 2014-12-06 01:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 01:57 - 2014-12-05 00:24 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\NVIDIA
2014-12-09 01:57 - 2014-12-01 13:30 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Adobe
2014-12-09 01:56 - 2014-12-06 01:10 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-09 01:38 - 2014-12-06 01:10 - 00000000 ____D () C:\Program Files (x86)\Adobe

Some content of TEMP:
====================
C:\Users\Rene\AppData\Local\Temp\avgnt.exe
C:\Users\Rene\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
C:\Users\Rene\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 01:58

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Rene at 2015-01-07 19:22:34
Running from C:\Users\Rene\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{07C5D2FF-2AA8-46D1-B9E8-BACCD34C8E01}) (Version: 12.1.4.154 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 Hotfix Rollup (KB2974336) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52245 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version:   -  )
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-01-2015 17:22:42 Geplanter Prüfpunkt
07-01-2015 18:44:20 Removed Razer Synapse 2.0.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3F0AE74A-0EA0-47AE-8501-402922BF63E5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {59A7DA8E-578B-460E-A201-A255529DAF5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated)
Task: {8592470C-7D68-43C6-8861-453412CD4997} - System32\Tasks\AdobeAAMUpdater-1.0-Rene-PC-Rene => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {D86D21CE-4C8A-412A-B43B-DBC300B4B1E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D96F0F21-89F2-410C-950A-87A154CBBD82} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-12-01 13:52 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-13 03:49 - 2014-01-28 11:40 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2014-12-13 03:49 - 2014-10-09 15:22 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-02 18:48 - 2014-12-02 18:48 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1858689066-4223474752-1546550983-500 - Administrator - Disabled)
Gast (S-1-5-21-1858689066-4223474752-1546550983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1858689066-4223474752-1546550983-1003 - Limited - Enabled)
Rene (S-1-5-21-1858689066-4223474752-1546550983-1001 - Administrator - Enabled) => C:\Users\Rene

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Videocontroller
Description: Videocontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 05:15:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/07/2015 01:06:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/06/2015 07:55:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/06/2015 07:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.0.5442, Zeitstempel: 0x54754d35
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.0.5442, Zeitstempel: 0x54754649
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1084
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/06/2015 07:47:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/06/2015 02:56:53 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/05/2015 11:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.0.5442, Zeitstempel: 0x54754d35
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.0.5442, Zeitstempel: 0x54754649
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x26c8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/04/2015 01:58:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/03/2015 11:36:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/03/2015 02:09:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (01/07/2015 06:44:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/06/2015 07:53:58 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP010615-8860-01

Error: (01/06/2015 07:53:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎01.‎2015 um 19:52:56 unerwartet heruntergefahren.

Error: (01/02/2015 03:27:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎01.‎2015 um 02:52:07 unerwartet heruntergefahren.

Error: (12/28/2014 02:41:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/28/2014 02:41:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/28/2014 02:41:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/28/2014 00:37:21 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122814-8860-01

Error: (12/28/2014 00:37:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎12.‎2014 um 00:36:08 unerwartet heruntergefahren.

Error: (12/20/2014 10:05:07 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP122014-8923-01


Microsoft Office Sessions:
=========================
Error: (01/07/2015 05:15:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (01/07/2015 01:06:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 07:55:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 07:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.0.544254754d35mozalloc.dll34.0.0.5442547546498000000300001425108401d029e227110998C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6db68683-95d5-11e4-b43f-bc5ff4758777

Error: (01/06/2015 07:47:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (01/06/2015 02:56:53 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 11:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.0.544254754d35mozalloc.dll34.0.0.544254754649800000030000142526c801d028d3414d6b61C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0fb38783-94c8-11e4-a9ea-bc5ff4758777

Error: (01/04/2015 01:58:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (01/03/2015 11:36:54 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 02:09:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 16265.23 MB
Available physical RAM: 13755.09 MB
Total Pagefile: 32528.63 MB
Available Pagefile: 29816.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.31 GB) (Free:4.64 GB) NTFS
Drive e: () (Fixed) (Total:149.05 GB) (Free:122.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C00DC00D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: 69C073AE)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 08.01.2015, 06:17   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Then please now also post the FRST logs from the other Windows computer.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.01.2015, 07:22   #5
hitboxer
 
Hi there!


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Günni (administrator) on G-95B0E170C0764 on 08-01-2015 08:23:56
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Loaded Profile: Günni (Available profiles: Günni)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Intel(R) Corporation) C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
() C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
(Hewlett-Packard Company) C:\Programme\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Programme\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
(Hewlett-Packard) C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
() C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\updrgui.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2004-09-13] (Hewlett-Packard Company)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Avira Systray] => C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [245760 2004-11-12] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\MountPoints2: {0e61a694-2b90-11e3-bab7-00166f6068f3} - E:\SafeStick.exe
HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\MountPoints2: {176f4154-8394-11e3-bb65-00166f6068f3} - E:\KDMElite.exe
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
ShortcutTarget: HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Programme\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Dokumente und Einstellungen\Günni\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Programme\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1482476501-1409082233-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=a49796d900000000000000166f6068f3
HKU\S-1-5-21-1482476501-1409082233-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=a49796d900000000000000166f6068f3" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1482476501-1409082233-682003330-1003 -> DefaultScope {E32160D6-15C3-4F11-9715-5514E6E950B6} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=a49796d900000000000000166f6068f3&r=62
SearchScopes: HKU\S-1-5-21-1482476501-1409082233-682003330-1003 -> {E32160D6-15C3-4F11-9715-5514E6E950B6} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=a49796d900000000000000166f6068f3&r=62
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Programme\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Programme\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\user.js
FF SearchPlugin: C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\searchplugins\softonic.xml
FF Extension: Avira Browser Safety - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\abs@avira.com [2015-01-07]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff [2013-12-02]
FF HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR Extension: (Softonic Chrome Toolbar) - C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-02]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Programme\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "d89bd8cd32fcaf20" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182184 2013-07-20] (Oracle Corporation)
S3 McComponentHostService; C:\Programme\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-10] (Mozilla Foundation)
S4 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 syshost32; C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe [102912 2014-07-21] () [File not signed]
R2 WLANKEEPER; C:\Programme\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel(R) Corporation) [File not signed]
S4 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2013-07-20] (Meetinghouse Data Communications) [File not signed]
S2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-29] (Adaptec, Inc.) [File not signed]
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 HPPLSBULK; C:\WINDOWS\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2004-12-24] (HP)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
U5 d89bd8cd32fcaf20; C:\Windows\System32\Drivers\d89bd8cd32fcaf20.sys [37376 2014-07-21] () <===== ATTENTION Necurs Rootkit?
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 08:23 - 2015-01-08 08:24 - 00015598 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\FRST.txt
2015-01-08 08:23 - 2015-01-08 08:24 - 00000000 ____D () C:\FRST
2015-01-08 08:23 - 2015-01-08 08:23 - 01115648 _____ (Farbar) C:\Dokumente und Einstellungen\Günni\Desktop\FRST.exe
2015-01-07 20:16 - 2015-01-07 20:20 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 20:16 - 2015-01-07 20:20 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1409082233-682003330-1003-0.dat
2015-01-07 17:43 - 2015-01-07 17:43 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
2015-01-07 17:43 - 2015-01-07 17:43 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Avira
2015-01-07 17:41 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-07 17:41 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-07 17:41 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-07 17:41 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2015-01-07 17:37 - 2015-01-07 17:37 - 00063600 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-07 17:37 - 2015-01-07 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AviraSpeedup
2015-01-07 17:35 - 2015-01-07 17:42 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
2015-01-07 17:35 - 2015-01-07 17:41 - 00000000 ____D () C:\Programme\Avira
2015-01-07 17:35 - 2015-01-07 17:41 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2015-01-07 17:35 - 2015-01-07 17:35 - 04549888 _____ (Avira Operations & Co. KG) C:\Dokumente und Einstellungen\Günni\Desktop\avira_de_av_5767105339__ws.exe
2015-01-07 17:35 - 2015-01-07 17:35 - 00000834 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avira.lnk
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-12-29 19:29 - 2014-12-29 19:29 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
2014-12-29 18:54 - 2014-12-29 18:54 - 00000000 ____D () C:\Programme\McAfee Security Scan
2014-12-29 18:54 - 2014-12-29 18:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
2014-12-26 11:49 - 2014-12-29 18:54 - 00001749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-12-26 11:49 - 2014-12-29 18:54 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2014-12-19 20:00 - 2014-12-19 20:01 - 24743106 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\vlc-2.1.5-win32.exe
2014-12-10 19:26 - 2014-12-10 19:27 - 00000000 ____D () C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 08:24 - 2013-07-20 18:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp
2015-01-08 08:22 - 2014-04-10 17:54 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Mein Steuer-Sparbuch Heute
2015-01-08 08:20 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-08 08:18 - 2013-08-05 19:16 - 00000270 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-682003330-1003.job
2015-01-08 08:18 - 2013-07-20 18:59 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-01-08 08:18 - 2013-07-20 18:59 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-08 08:18 - 2013-07-20 18:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 20:20 - 2013-07-20 18:11 - 00000300 ___SH () C:\Dokumente und Einstellungen\Günni\ntuser.ini
2015-01-07 20:20 - 2013-07-20 18:10 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 20:20 - 2013-07-20 18:05 - 01514878 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 19:45 - 2014-01-22 19:35 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-07 19:24 - 2013-07-20 18:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2015-01-07 19:17 - 2013-07-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 17:56 - 2013-07-20 19:47 - 00000000 ____D () C:\WINDOWS\repair
2015-01-07 17:56 - 2013-07-20 18:55 - 00684152 _____ () C:\WINDOWS\setupapi.log
2015-01-07 17:56 - 2013-07-20 18:03 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-07 17:35 - 2013-07-20 18:56 - 00000000 ___RD () C:\Programme
2015-01-07 17:35 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-01-07 17:33 - 2013-07-20 18:56 - 01250612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-29 19:54 - 2013-08-14 20:23 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Günni
2014-12-29 18:54 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
2014-12-26 11:49 - 2013-07-20 18:53 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-26 11:49 - 2013-07-20 18:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-26 11:48 - 2013-07-20 18:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-12-12 20:10 - 2013-07-20 18:46 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\avgnt.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\hpzmsi01.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\hpzscr01.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\hpzshl01.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\setup_wm.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\stubhelper.dll
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\_Installation Guide.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Günni at 2015-01-08 08:25:04
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5154 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.131.1.2-050706a-025030C-Dell - )
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.1.7.717 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.18.1128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Hotfix für Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version:  - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB932716-v2) (HKLM\...\KB932716-v2) (Version: 2 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
HP Color LaserJet 2820/2830/2840 2.0 (HKLM\...\{1030DCDC-2425-407d-BEE1-13558B837FCA}) (Version: 2.0 - HP)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - Hewlett-Packard)
hpp2800usg (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppCLJ2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppDustDevil (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFaxDrv (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFonts (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppIOFiles (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppManuals2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppscan2800 (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppScanTo (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppSendFax (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppTooCool (Version: 002.000.00004 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Macromedia FreeHand 9 (HKLM\...\Macromedia FreeHand 9) (Version: 9 - Macromedia)
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mDrWiFi (Version: 9.03.0000 - Intel Corporation) Hidden
mHlpDell (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 9.03.0000 - Intel Corporation) Hidden
mLogView (Version: 9.03.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.03.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 9.03.0000 - Intel Corporation) Hidden
mSSO (Version: 9.03.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
mZConfig (Version: 9.03.0000 - Intel Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Scan (Version: 4.9.0.0 - Hewlett-Packard) Hidden
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2803821) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB954155) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB973540) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB975558) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB978695) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2846071) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Softonic toolbar  on IE and Chrome (HKLM\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\{3813890B-1DC2-414C-BDED-833ECC575B97}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-02-2014 21:17:52 Software Distribution Service 3.0
15-02-2014 18:33:41 Software Distribution Service 3.0
16-02-2014 20:13:28 Systemprüfpunkt
23-02-2014 19:39:11 Systemprüfpunkt
27-02-2014 09:21:18 Systemprüfpunkt
28-02-2014 17:13:50 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
28-02-2014 17:14:27 OpenOffice 4.0.1 wird installiert
02-03-2014 12:23:57 Systemprüfpunkt
05-03-2014 15:35:00 Systemprüfpunkt
08-03-2014 18:44:59 Systemprüfpunkt
09-03-2014 17:45:29 Software Distribution Service 3.0
14-03-2014 19:27:05 Software Distribution Service 3.0
16-03-2014 11:19:13 Systemprüfpunkt
18-03-2014 19:35:52 Software Distribution Service 3.0
23-03-2014 19:22:09 Systemprüfpunkt
29-03-2014 13:08:24 Systemprüfpunkt
09-04-2014 17:23:42 Installiert WISO Steuer-Sparbuch 2014
09-04-2014 18:00:10 Software Distribution Service 3.0
12-04-2014 15:40:55 Systemprüfpunkt
21-04-2014 15:42:25 Systemprüfpunkt
23-04-2014 19:04:58 Systemprüfpunkt
03-05-2014 18:25:21 Systemprüfpunkt
03-05-2014 18:40:27 Software Distribution Service 3.0
10-05-2014 18:21:15 Systemprüfpunkt
11-05-2014 19:46:25 Systemprüfpunkt
16-05-2014 19:55:36 Software Distribution Service 3.0
18-05-2014 17:27:44 Systemprüfpunkt
12-06-2014 18:33:04 Software Distribution Service 3.0
14-06-2014 11:07:36 Systemprüfpunkt
15-06-2014 16:33:56 Systemprüfpunkt
05-07-2014 18:07:37 Systemprüfpunkt
10-07-2014 20:48:25 Software Distribution Service 3.0
17-07-2014 11:55:38 Systemprüfpunkt
21-07-2014 15:53:51 Systemprüfpunkt
24-08-2014 09:57:24 Systemprüfpunkt
31-08-2014 16:59:49 Systemprüfpunkt
14-09-2014 11:39:05 Systemprüfpunkt
28-09-2014 15:14:53 Systemprüfpunkt
25-10-2014 13:49:52 Systemprüfpunkt
15-11-2014 17:19:25 Systemprüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2004-08-04 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-682003330-1003.job => C:\Programme\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-682003330-1003.job => C:\Programme\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2007-02-21 10:13 - 2007-02-21 10:13 - 00118784 _____ () C:\Programme\Intel\Wireless\Bin\IWMSPROV.DLL
2014-01-26 16:07 - 2014-01-26 16:07 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f79e5a2c\mscorlib.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_9ff81078\system.windows.forms.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_413305d7\system.dll
2014-01-26 16:07 - 2014-01-26 16:07 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_04fb2de0\system.drawing.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a7f44f6e\system.xml.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00020572 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
2014-01-22 19:57 - 2014-01-22 19:57 - 00802901 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00028776 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053342 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\verify.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00094308 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\java.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053349 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\zip.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00032864 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\net.dll
2014-01-22 19:58 - 2004-08-20 14:02 - 00102400 _____ () C:\WINDOWS\system32\PMLJNI.dll
2014-01-22 19:58 - 2005-02-03 18:31 - 00032768 _____ () C:\WINDOWS\system32\compJNI.dll
2014-01-22 19:58 - 2003-06-16 22:52 - 00074752 _____ () C:\WINDOWS\system32\jst.dll
2006-10-17 15:13 - 2006-10-17 15:13 - 01167360 _____ () C:\Programme\Intel\Wireless\Bin\acAuth.dll
2014-12-10 19:26 - 2014-12-10 19:26 - 03758192 _____ () C:\Programme\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ATIPTA => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\WINDOWS\system32\WLTRAY.exe
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Status Monitor CLJ1500 => C:\Programme\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1482476501-1409082233-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1482476501-1409082233-682003330-1004 - Limited - Enabled)
Gast (S-1-5-21-1482476501-1409082233-682003330-501 - Limited - Disabled)
Günni (S-1-5-21-1482476501-1409082233-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Günni
Hilfeassistent (S-1-5-21-1482476501-1409082233-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1482476501-1409082233-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Modem
Description: PCI-Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.


System errors:
=============
Error: (01/08/2015 08:21:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:20:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:20:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:20:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:20:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:19:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/08/2015 08:19:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (01/07/2015 08:19:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/07/2015 08:19:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/07/2015 08:18:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) M processor 2.13GHz
Percentage of memory in use: 44%
Total physical RAM: 2047.39 MB
Available physical RAM: 1127.63 MB
Total Pagefile: 3940.24 MB
Available Pagefile: 3078.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:29.13 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 23F12D67)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


08.01.2015, 08:27   #6
schrauber
/// the machine
/// TB-Ausbilder
 




The XP machine is hopefully no longer online, is it? Otherwise you might as well give away your passwords, logins and the like. XP is no longer trustworthy.

The Win7 machine shows some anomalies, but the XP one is definitely the culprit.


XP:

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the content here in your thread in any case.

08.01.2015, 08:47   #7
hitboxer
 



Unfortunately it is still online once or twice a week.

XP TDSSKiller:

Code:
ATTFilter
09:47:49.0640 0x0b9c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
09:47:57.0406 0x0b9c  ============================================================
09:47:57.0406 0x0b9c  Current date / time: 2015/01/08 09:47:57.0406
09:47:57.0406 0x0b9c  SystemInfo:
09:47:57.0406 0x0b9c  
09:47:57.0406 0x0b9c  OS Version: 5.1.2600 ServicePack: 3.0
09:47:57.0406 0x0b9c  Product type: Workstation
09:47:57.0406 0x0b9c  ComputerName: G-95B0E170C0764
09:47:57.0406 0x0b9c  UserName: Günni
09:47:57.0406 0x0b9c  Windows directory: C:\WINDOWS
09:47:57.0406 0x0b9c  System windows directory: C:\WINDOWS
09:47:57.0406 0x0b9c  Processor architecture: Intel x86
09:47:57.0406 0x0b9c  Number of processors: 1
09:47:57.0406 0x0b9c  Page size: 0x1000
09:47:57.0406 0x0b9c  Boot type: Normal boot
09:47:57.0406 0x0b9c  ============================================================
09:47:57.0421 0x0b9c  BG loaded
09:47:57.0562 0x0b9c  System UUID: {A9A1087A-57D7-5453-0240-935E98DAC18B}
09:47:59.0906 0x0b9c  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
09:47:59.0906 0x0b9c  ============================================================
09:47:59.0906 0x0b9c  \Device\Harddisk0\DR0:
09:47:59.0906 0x0b9c  MBR partitions:
09:47:59.0906 0x0b9c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
09:47:59.0906 0x0b9c  ============================================================
09:47:59.0953 0x0b9c  C: <-> \Device\Harddisk0\DR0\Partition1
09:47:59.0953 0x0b9c  ============================================================
09:47:59.0953 0x0b9c  Initialize success
09:47:59.0953 0x0b9c  ============================================================
09:48:28.0406 0x0480  ============================================================
09:48:28.0406 0x0480  Scan started
09:48:28.0406 0x0480  Mode: Manual; SigCheck; TDLFS; 
09:48:28.0406 0x0480  ============================================================
09:48:28.0406 0x0480  KSN ping started
09:48:28.0796 0x0480  KSN ping finished: true
09:48:31.0078 0x0480  ================ Scan system memory ========================
09:48:34.0328 0x0480  System memory - ok
09:48:34.0328 0x0480  ================ Scan services =============================
09:48:34.0515 0x0480  Abiosdsk - ok
09:48:34.0515 0x0480  abp480n5 - ok
09:48:34.0593 0x0480  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:48:35.0015 0x0480  ACPI - ok
09:48:35.0156 0x0480  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
09:48:35.0296 0x0480  ACPIEC - ok
09:48:35.0390 0x0480  [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:48:35.0421 0x0480  AdobeFlashPlayerUpdateSvc - ok
09:48:35.0437 0x0480  adpu160m - ok
09:48:35.0453 0x0480  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
09:48:35.0562 0x0480  aec - ok
09:48:35.0609 0x0480  [ 375EB0B97E3950ADEF3633C27A82438B, A79AF11EFAFFAB0CBB0A7A21AD53072C44EFA2EB375981201DE1EF03F3564A12 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:48:35.0640 0x0480  AegisP - detected UnsignedFile.Multi.Generic ( 1 )
09:48:35.0765 0x0480  Detect skipped due to KSN trusted
09:48:35.0765 0x0480  AegisP - ok
09:48:35.0828 0x0480  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
09:48:35.0921 0x0480  AFD - ok
09:48:35.0937 0x0480  Aha154x - ok
09:48:35.0937 0x0480  aic78u2 - ok
09:48:35.0953 0x0480  aic78xx - ok
09:48:35.0984 0x0480  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
09:48:36.0156 0x0480  Alerter - ok
09:48:36.0203 0x0480  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG             C:\WINDOWS\System32\alg.exe
09:48:36.0468 0x0480  ALG - ok
09:48:36.0484 0x0480  AliIde - ok
09:48:36.0484 0x0480  amsint - ok
09:48:36.0671 0x0480  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
09:48:37.0187 0x0480  AntiVirSchedulerService - ok
09:48:37.0281 0x0480  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
09:48:37.0312 0x0480  AntiVirService - ok
09:48:37.0359 0x0480  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
09:48:37.0468 0x0480  AppMgmt - ok
09:48:37.0468 0x0480  asc - ok
09:48:37.0484 0x0480  asc3350p - ok
09:48:37.0484 0x0480  asc3550 - ok
09:48:37.0671 0x0480  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:48:37.0703 0x0480  aspnet_state - ok
09:48:37.0734 0x0480  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:48:37.0906 0x0480  AsyncMac - ok
09:48:37.0953 0x0480  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
09:48:38.0109 0x0480  atapi - ok
09:48:38.0109 0x0480  Atdisk - ok
09:48:38.0203 0x0480  [ DFEA480EE09BDEB7F51244900170E173, 60B2D97DB6E806176D44A52707E7ED1E36C911B88FF36D0F43C24BD5DDE28CBD ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
09:48:38.0312 0x0480  Ati HotKey Poller - ok
09:48:38.0421 0x0480  [ 2A6C99CFDC23C9C26D0E30B1C99748D4, ADA8FC9C0B308FC6175947AC716AC463B5A575D7F94720359BF7BBB4ED69F47F ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:48:38.0609 0x0480  ati2mtag - ok
09:48:38.0671 0x0480  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:48:38.0875 0x0480  Atmarpc - ok
09:48:38.0921 0x0480  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:48:39.0062 0x0480  AudioSrv - ok
09:48:39.0109 0x0480  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
09:48:39.0625 0x0480  audstub - ok
09:48:39.0734 0x0480  [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:48:40.0218 0x0480  avgntflt - ok
09:48:40.0234 0x0480  [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:48:40.0265 0x0480  avipbb - ok
09:48:40.0343 0x0480  [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
09:48:40.0375 0x0480  Avira.OE.ServiceHost - ok
09:48:40.0375 0x0480  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:48:40.0390 0x0480  avkmgr - ok
09:48:40.0453 0x0480  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:48:40.0578 0x0480  Beep - ok
09:48:40.0656 0x0480  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS            C:\WINDOWS\system32\qmgr.dll
09:48:40.0875 0x0480  BITS - ok
09:48:40.0921 0x0480  [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser         C:\WINDOWS\System32\browser.dll
09:48:41.0031 0x0480  Browser - ok
09:48:41.0062 0x0480  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
09:48:41.0218 0x0480  cbidf2k - ok
09:48:41.0234 0x0480  cd20xrnt - ok
09:48:41.0234 0x0480  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
09:48:41.0421 0x0480  Cdaudio - ok
09:48:41.0484 0x0480  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:48:41.0687 0x0480  Cdfs - ok
09:48:41.0750 0x0480  [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:48:41.0828 0x0480  Cdrom - ok
09:48:41.0859 0x0480  [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
09:48:41.0859 0x0480  cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
09:48:43.0328 0x0480  Detect skipped due to KSN trusted
09:48:43.0328 0x0480  cercsr6 - ok
09:48:43.0328 0x0480  Changer - ok
09:48:43.0390 0x0480  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
09:48:43.0656 0x0480  CiSvc - ok
09:48:43.0687 0x0480  [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
09:48:43.0812 0x0480  ClipSrv - ok
09:48:43.0890 0x0480  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:48:43.0906 0x0480  clr_optimization_v2.0.50727_32 - ok
09:48:43.0968 0x0480  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:48:44.0046 0x0480  clr_optimization_v4.0.30319_32 - ok
09:48:44.0093 0x0480  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:48:44.0234 0x0480  CmBatt - ok
09:48:44.0234 0x0480  CmdIde - ok
09:48:44.0265 0x0480  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:48:44.0453 0x0480  Compbatt - ok
09:48:44.0453 0x0480  COMSysApp - ok
09:48:44.0468 0x0480  Cpqarray - ok
09:48:44.0531 0x0480  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:48:44.0687 0x0480  CryptSvc - ok
09:48:44.0703 0x0480  Suspicious service (NoAccess): d89bd8cd32fcaf20
09:48:44.0750 0x0480  [ FE5D63B48D52F62F0FCC38B8F3EE86CD, EC426B6486A45EEA68C04AEED23C810CB7A15ED6C5A6CD08E047A1CFA91F159D ] d89bd8cd32fcaf20 C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys
09:48:44.0750 0x0480  Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys. md5: FE5D63B48D52F62F0FCC38B8F3EE86CD, sha256: EC426B6486A45EEA68C04AEED23C810CB7A15ED6C5A6CD08E047A1CFA91F159D
09:48:44.0765 0x0480  d89bd8cd32fcaf20 - detected Rootkit.Win32.Necurs.gen ( 0 )
09:48:45.0062 0x0480  d89bd8cd32fcaf20 ( Rootkit.Win32.Necurs.gen ) - infected
09:48:45.0062 0x0480  Force sending object to P2P due to detect: d89bd8cd32fcaf20
09:48:45.0828 0x0480  Object send P2P result: true
09:48:56.0453 0x0480  dac2w2k - ok
09:48:56.0453 0x0480  dac960nt - ok
09:48:56.0562 0x0480  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:48:56.0750 0x0480  DcomLaunch - ok
09:48:56.0828 0x0480  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:48:57.0078 0x0480  Dhcp - ok
09:48:57.0093 0x0480  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:48:57.0234 0x0480  Disk - ok
09:48:57.0234 0x0480  dmadmin - ok
09:48:57.0343 0x0480  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:48:57.0500 0x0480  dmboot - ok
09:48:57.0546 0x0480  [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
09:48:58.0421 0x0480  dmio - ok
09:48:58.0546 0x0480  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:48:59.0218 0x0480  dmload - ok
09:48:59.0250 0x0480  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:48:59.0375 0x0480  dmserver - ok
09:48:59.0406 0x0480  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:48:59.0546 0x0480  DMusic - ok
09:48:59.0593 0x0480  [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:48:59.0687 0x0480  Dnscache - ok
09:48:59.0781 0x0480  [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
09:49:00.0000 0x0480  Dot3svc - ok
09:49:00.0078 0x0480  [ BD05306428DA63369692477DDC0F6F5F, DE2FC729A64695AF604D2DC64DF2A0C89598EB81E6D9953732B23E509116C398 ] Dot4Scan        C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
09:49:00.0484 0x0480  Dot4Scan - ok
09:49:00.0484 0x0480  dpti2o - ok
09:49:00.0531 0x0480  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
09:49:00.0750 0x0480  drmkaud - ok
09:49:00.0828 0x0480  [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
09:49:01.0046 0x0480  EapHost - ok
09:49:01.0109 0x0480  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:49:01.0234 0x0480  ERSvc - ok
09:49:01.0281 0x0480  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog        C:\WINDOWS\system32\services.exe
09:49:01.0328 0x0480  Eventlog - ok
09:49:01.0390 0x0480  [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem     C:\WINDOWS\system32\es.dll
09:49:01.0468 0x0480  EventSystem - ok
09:49:01.0625 0x0480  [ 4C6FA3FD55087B7C35707068723A1710, C9595A1962AD98A68FF31428543E86494FE76A4CB11040DBCF46C203DB60FA45 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
09:49:01.0734 0x0480  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
09:49:01.0921 0x0480  Detect skipped due to KSN trusted
09:49:01.0921 0x0480  EvtEng - ok
09:49:01.0968 0x0480  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:49:02.0250 0x0480  Fastfat - ok
09:49:02.0328 0x0480  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:49:02.0375 0x0480  FastUserSwitchingCompatibility - ok
09:49:02.0421 0x0480  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
09:49:02.0515 0x0480  Fdc - ok
09:49:02.0546 0x0480  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:49:02.0687 0x0480  Fips - ok
09:49:02.0703 0x0480  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:49:02.0812 0x0480  Flpydisk - ok
09:49:02.0859 0x0480  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:49:03.0000 0x0480  FltMgr - ok
09:49:03.0125 0x0480  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:49:03.0140 0x0480  FontCache3.0.0.0 - ok
09:49:03.0140 0x0480  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:49:03.0281 0x0480  Fs_Rec - ok
09:49:03.0281 0x0480  [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:49:03.0484 0x0480  Ftdisk - ok
09:49:03.0546 0x0480  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:49:03.0687 0x0480  Gpc - ok
09:49:03.0812 0x0480  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:49:03.0937 0x0480  helpsvc - ok
09:49:03.0984 0x0480  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ         C:\WINDOWS\System32\hidserv.dll
09:49:04.0125 0x0480  HidServ - ok
09:49:04.0156 0x0480  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:49:04.0312 0x0480  hidusb - ok
09:49:04.0343 0x0480  [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:49:04.0500 0x0480  hkmsvc - ok
09:49:04.0500 0x0480  hpn - ok
09:49:04.0546 0x0480  [ 32FE92018E28DF54BF94D41FC7FF92AC, 13112E1773B58C89D65DAB6A9C593C698612A4C265038AE7CCDE01730F4AAD7C ] HPPLSBULK       C:\WINDOWS\system32\drivers\hpplsbulk.sys
09:49:04.0609 0x0480  HPPLSBULK - ok
09:49:04.0625 0x0480  [ 30CA91E657CEDE2F95359D6EF186F650, 6BBAFBE50E7819695A79586A086A9952B737E174BA2C63C1F180D97EC4AABA4B ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:49:05.0046 0x0480  HPZid412 - ok
09:49:05.0062 0x0480  [ EFD31AFA752AA7C7BBB57BCBE2B01C78, AC671CEE9F8DD9FE6C51069212AEB1736BB914361D4185D1E87068D244BF2B7A ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:49:05.0093 0x0480  HPZipr12 - ok
09:49:05.0093 0x0480  [ 7AC43C38CA8FD7ED0B0A4466F753E06E, B4D44B366170D247E0145B9435CC678BEE2A2A42CFF7B485E077B3B582557B5A ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:49:05.0140 0x0480  HPZius12 - ok
09:49:05.0203 0x0480  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:49:05.0265 0x0480  HTTP - ok
09:49:05.0312 0x0480  [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:49:05.0421 0x0480  HTTPFilter - ok
09:49:05.0421 0x0480  i2omgmt - ok
09:49:05.0421 0x0480  i2omp - ok
09:49:05.0437 0x0480  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:49:05.0578 0x0480  i8042prt - ok
09:49:05.0718 0x0480  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:49:06.0343 0x0480  idsvc - ok
09:49:06.0359 0x0480  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:06.0515 0x0480  Imapi - ok
09:49:06.0578 0x0480  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:49:06.0968 0x0480  ImapiService - ok
09:49:06.0984 0x0480  ini910u - ok
09:49:07.0046 0x0480  [ 69C4E3C9E67A1F103B94E14FDD5F3213, 894ABDDBF95E3FFE59A4621AF94AFA7E6F6D780420845078622C76624C0326D2 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
09:49:07.0171 0x0480  IntelIde - ok
09:49:07.0203 0x0480  [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:07.0343 0x0480  intelppm - ok
09:49:07.0359 0x0480  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:07.0453 0x0480  Ip6Fw - ok
09:49:07.0500 0x0480  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:07.0640 0x0480  IpFilterDriver - ok
09:49:07.0656 0x0480  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:07.0781 0x0480  IpInIp - ok
09:49:07.0828 0x0480  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:07.0968 0x0480  IpNat - ok
09:49:08.0000 0x0480  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:08.0140 0x0480  IPSec - ok
09:49:08.0171 0x0480  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:08.0296 0x0480  IRENUM - ok
09:49:08.0296 0x0480  [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:08.0406 0x0480  isapnp - ok
09:49:08.0546 0x0480  [ 4F4D4AA1E0849FECC0CF5AACD59030B5, F90F33F59926A8F3599B2711C3F4D8F638068D3BE83B390CECD81F9F71DA0DE2 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
09:49:08.0578 0x0480  JavaQuickStarterService - ok
09:49:08.0609 0x0480  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:08.0750 0x0480  Kbdclass - ok
09:49:08.0781 0x0480  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:49:08.0937 0x0480  kbdhid - ok
09:49:08.0968 0x0480  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:49:09.0546 0x0480  kmixer - ok
09:49:09.0609 0x0480  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:09.0718 0x0480  KSecDD - ok
09:49:09.0781 0x0480  [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:49:09.0843 0x0480  lanmanserver - ok
09:49:09.0890 0x0480  [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:49:09.0953 0x0480  lanmanworkstation - ok
09:49:09.0968 0x0480  lbrtfdc - ok
09:49:10.0015 0x0480  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:49:10.0265 0x0480  LmHosts - ok
09:49:10.0390 0x0480  [ C3ED67C05F3923F9A8FEBA7A996337E1, 0A092A22339A9BFFAAB4A8A7C795480C058C0360C743BDF5D5DE042825F464A7 ] McComponentHostService C:\Programme\McAfee Security Scan\3.8.150\McCHSvc.exe
09:49:10.0453 0x0480  McComponentHostService - ok
09:49:10.0468 0x0480  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:49:10.0578 0x0480  Messenger - ok
09:49:10.0640 0x0480  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:10.0765 0x0480  mnmdd - ok
09:49:10.0812 0x0480  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
09:49:11.0406 0x0480  mnmsrvc - ok
09:49:11.0484 0x0480  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:49:11.0593 0x0480  Modem - ok
09:49:11.0609 0x0480  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:11.0765 0x0480  Mouclass - ok
09:49:11.0812 0x0480  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:49:12.0328 0x0480  mouhid - ok
09:49:12.0359 0x0480  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:12.0468 0x0480  MountMgr - ok
09:49:12.0515 0x0480  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:49:12.0546 0x0480  MozillaMaintenance - ok
09:49:12.0562 0x0480  mraid35x - ok
09:49:12.0562 0x0480  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:12.0718 0x0480  MRxDAV - ok
09:49:12.0781 0x0480  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:49:12.0937 0x0480  MRxSmb - ok
09:49:12.0984 0x0480  [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC           C:\WINDOWS\system32\msdtc.exe
09:49:13.0515 0x0480  MSDTC - ok
09:49:13.0515 0x0480  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:49:13.0656 0x0480  Msfs - ok
09:49:13.0656 0x0480  MSIServer - ok
09:49:13.0671 0x0480  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:14.0187 0x0480  MSKSSRV - ok
09:49:14.0218 0x0480  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:14.0312 0x0480  MSPCLOCK - ok
09:49:14.0328 0x0480  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:14.0437 0x0480  MSPQM - ok
09:49:14.0468 0x0480  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:14.0562 0x0480  mssmbios - ok
09:49:14.0640 0x0480  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:49:14.0687 0x0480  Mup - ok
09:49:14.0796 0x0480  [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:49:14.0921 0x0480  napagent - ok
09:49:14.0968 0x0480  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:49:15.0109 0x0480  NDIS - ok
09:49:15.0171 0x0480  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:15.0234 0x0480  NdisTapi - ok
09:49:15.0281 0x0480  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:15.0453 0x0480  Ndisuio - ok
09:49:15.0453 0x0480  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:15.0625 0x0480  NdisWan - ok
09:49:15.0687 0x0480  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:15.0828 0x0480  NDProxy - ok
09:49:15.0875 0x0480  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:49:16.0093 0x0480  NetBIOS - ok
09:49:16.0140 0x0480  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:16.0375 0x0480  NetBT - ok
09:49:16.0437 0x0480  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:49:16.0656 0x0480  NetDDE - ok
09:49:16.0671 0x0480  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:49:16.0781 0x0480  NetDDEdsdm - ok
09:49:16.0828 0x0480  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:49:16.0953 0x0480  Netlogon - ok
09:49:16.0984 0x0480  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman          C:\WINDOWS\System32\netman.dll
09:49:17.0109 0x0480  Netman - ok
09:49:17.0156 0x0480  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:49:17.0250 0x0480  NetTcpPortSharing - ok
09:49:17.0296 0x0480  [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:49:17.0375 0x0480  Nla - ok
09:49:17.0421 0x0480  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:49:17.0656 0x0480  Npfs - ok
09:49:17.0718 0x0480  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:17.0937 0x0480  Ntfs - ok
09:49:17.0953 0x0480  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:49:18.0062 0x0480  NtLmSsp - ok
09:49:18.0171 0x0480  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:49:18.0343 0x0480  NtmsSvc - ok
09:49:18.0375 0x0480  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:49:18.0468 0x0480  Null - ok
09:49:18.0515 0x0480  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:18.0625 0x0480  NwlnkFlt - ok
09:49:18.0625 0x0480  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:18.0750 0x0480  NwlnkFwd - ok
09:49:18.0843 0x0480  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
09:49:18.0859 0x0480  ose - ok
09:49:18.0875 0x0480  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:49:19.0015 0x0480  Parport - ok
09:49:19.0015 0x0480  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:19.0140 0x0480  PartMgr - ok
09:49:19.0171 0x0480  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:19.0312 0x0480  ParVdm - ok
09:49:19.0343 0x0480  [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:19.0562 0x0480  PCI - ok
09:49:19.0562 0x0480  PCIDump - ok
09:49:19.0828 0x0480  [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:21.0093 0x0480  PCIIde - ok
09:49:21.0140 0x0480  [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:49:21.0296 0x0480  Pcmcia - ok
09:49:21.0328 0x0480  PDCOMP - ok
09:49:21.0328 0x0480  PDFRAME - ok
09:49:21.0343 0x0480  PDRELI - ok
09:49:21.0343 0x0480  PDRFRAME - ok
09:49:21.0359 0x0480  perc2 - ok
09:49:21.0359 0x0480  perc2hib - ok
09:49:21.0390 0x0480  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay        C:\WINDOWS\system32\services.exe
09:49:21.0421 0x0480  PlugPlay - ok
09:49:21.0468 0x0480  [ B489E534D30F95C6240C7FB6C9BF9EC5, 6AD448CA6933546A49E8560D399F75EEA1D1EDA6476ECDCA918C061466287279 ] Pml Driver HPZ12 C:\WINDOWS\system32\hpzipm12.exe
09:49:21.0531 0x0480  Pml Driver HPZ12 - ok
09:49:21.0546 0x0480  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:49:21.0656 0x0480  PolicyAgent - ok
09:49:21.0687 0x0480  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:21.0859 0x0480  PptpMiniport - ok
09:49:21.0859 0x0480  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:49:21.0984 0x0480  ProtectedStorage - ok
09:49:22.0000 0x0480  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:22.0359 0x0480  PSched - ok
09:49:22.0484 0x0480  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:22.0578 0x0480  Ptilink - ok
09:49:22.0609 0x0480  ql1080 - ok
09:49:22.0609 0x0480  Ql10wnt - ok
09:49:22.0625 0x0480  ql12160 - ok
09:49:22.0640 0x0480  ql1240 - ok
09:49:22.0640 0x0480  ql1280 - ok
09:49:22.0703 0x0480  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:22.0828 0x0480  RasAcd - ok
09:49:22.0875 0x0480  [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:49:23.0000 0x0480  RasAuto - ok
09:49:23.0000 0x0480  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:49:23.0125 0x0480  Rasl2tp - ok
09:49:23.0296 0x0480  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:49:23.0609 0x0480  RasMan - ok
09:49:23.0671 0x0480  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:49:23.0843 0x0480  RasPppoe - ok
09:49:23.0843 0x0480  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:49:24.0593 0x0480  Raspti - ok
09:49:24.0656 0x0480  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:49:25.0421 0x0480  Rdbss - ok
09:49:25.0484 0x0480  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:49:25.0656 0x0480  RDPCDD - ok
09:49:25.0718 0x0480  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:49:26.0265 0x0480  rdpdr - ok
09:49:26.0312 0x0480  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:49:26.0390 0x0480  RDPWD - ok
09:49:26.0453 0x0480  [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:49:27.0015 0x0480  RDSessMgr - ok
09:49:27.0046 0x0480  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:49:27.0171 0x0480  redbook - ok
09:49:27.0218 0x0480  [ 8AC155995F5D10FC0D3AD949A1A68075, AF66B760897F2CF6352D726752BF02A64F99EF843906EF2E4C1A63731F6A938E ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
09:49:27.0296 0x0480  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
09:49:27.0453 0x0480  Detect skipped due to KSN trusted
09:49:27.0453 0x0480  RegSrvc - ok
09:49:27.0515 0x0480  [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:49:28.0734 0x0480  RemoteAccess - ok
09:49:28.0796 0x0480  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:49:28.0937 0x0480  RemoteRegistry - ok
09:49:28.0968 0x0480  [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:49:29.0109 0x0480  RpcLocator - ok
09:49:29.0171 0x0480  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:49:29.0234 0x0480  RpcSs - ok
09:49:29.0296 0x0480  [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:49:29.0500 0x0480  RSVP - ok
09:49:29.0765 0x0480  [ 131D50F081D2E29EBD1365B21F6B9736, 402A92A5606C207E38D9AD378C39FC630B177C05D93F1648ADF3329F84DA2908 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
09:49:30.0515 0x0480  S24EventMonitor - detected UnsignedFile.Multi.Generic ( 1 )
09:49:31.0750 0x0480  Detect skipped due to KSN trusted
09:49:31.0750 0x0480  S24EventMonitor - ok
09:49:31.0828 0x0480  [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4, 4A9EA5F875F2FF5C5EB551EDAFD5153F024576F40983D8450D3184583A3F2B2F ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:49:31.0875 0x0480  s24trans - detected UnsignedFile.Multi.Generic ( 1 )
09:49:35.0640 0x0480  Detect skipped due to KSN trusted
09:49:35.0640 0x0480  s24trans - ok
09:49:35.0750 0x0480  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:49:35.0968 0x0480  SamSs - ok
09:49:36.0000 0x0480  [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:49:36.0125 0x0480  SCardSvr - ok
09:49:36.0187 0x0480  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:49:36.0312 0x0480  Schedule - ok
09:49:36.0359 0x0480  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:49:36.0484 0x0480  Secdrv - ok
09:49:36.0515 0x0480  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:49:36.0671 0x0480  seclogon - ok
09:49:36.0703 0x0480  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            C:\WINDOWS\system32\sens.dll
09:49:36.0828 0x0480  SENS - ok
09:49:36.0875 0x0480  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:49:37.0000 0x0480  serenum - ok
09:49:37.0015 0x0480  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:49:37.0171 0x0480  Serial - ok
09:49:37.0281 0x0480  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:49:37.0453 0x0480  Sfloppy - ok
09:49:37.0500 0x0480  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:49:37.0718 0x0480  SharedAccess - ok
09:49:37.0781 0x0480  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:49:37.0828 0x0480  ShellHWDetection - ok
09:49:37.0843 0x0480  Simbad - ok
09:49:37.0906 0x0480  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:49:38.0062 0x0480  SONYPVU1 - ok
09:49:38.0062 0x0480  Sparrow - ok
09:49:38.0093 0x0480  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:49:38.0265 0x0480  splitter - ok
09:49:38.0343 0x0480  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:49:38.0390 0x0480  Spooler - ok
09:49:38.0437 0x0480  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:49:38.0640 0x0480  sr - ok
09:49:38.0843 0x0480  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice       C:\WINDOWS\system32\srsvc.dll
09:49:39.0109 0x0480  srservice - ok
09:49:39.0187 0x0480  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:49:39.0375 0x0480  Srv - ok
09:49:39.0484 0x0480  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:49:39.0640 0x0480  SSDPSRV - ok
09:49:39.0687 0x0480  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:49:39.0703 0x0480  ssmdrv - ok
09:49:39.0796 0x0480  [ 305CC42945A713347F978D78566113F3, 92D95E1DCCAA5E31AADB061EB7B531337975974961211BFB7C542FB799348034 ] STAC97          C:\WINDOWS\system32\drivers\STAC97.sys
09:49:39.0843 0x0480  STAC97 - ok
09:49:39.0921 0x0480  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:49:40.0125 0x0480  stisvc - ok
09:49:40.0156 0x0480  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:49:40.0359 0x0480  swenum - ok
09:49:40.0421 0x0480  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:49:41.0156 0x0480  swmidi - ok
09:49:41.0234 0x0480  SwPrv - ok
09:49:42.0000 0x0480  symc810 - ok
09:49:42.0062 0x0480  symc8xx - ok
09:49:42.0093 0x0480  sym_hi - ok
09:49:42.0109 0x0480  sym_u3 - ok
09:49:42.0156 0x0480  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:49:42.0296 0x0480  sysaudio - ok
09:49:42.0406 0x0480  [ 5E855A5ADED6A4642B1F754F3A17F74C, 23AF825E4AE3396F5F396305602A883579FE06DE7B3A5FBDED0952921EC9728C ] syshost32       C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe
09:49:42.0406 0x0480  Suspicious file ( NoAccess ): C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe. md5: 5E855A5ADED6A4642B1F754F3A17F74C, sha256: 23AF825E4AE3396F5F396305602A883579FE06DE7B3A5FBDED0952921EC9728C
09:49:42.0406 0x0480  syshost32 - detected LockedFile.Multi.Generic ( 1 )
09:49:42.0562 0x0480  Detect turned to UDS exact due to KSN untrusted
09:49:42.0562 0x0480  syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
09:49:42.0562 0x0480  Force sending object to P2P due to detect: syshost32
09:49:43.0312 0x0480  Object send P2P result: true
09:49:43.0796 0x0480  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:49:44.0625 0x0480  SysmonLog - ok
09:49:44.0671 0x0480  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:49:44.0875 0x0480  TapiSrv - ok
09:49:45.0140 0x0480  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:49:45.0250 0x0480  Tcpip - ok
09:49:45.0296 0x0480  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:49:45.0687 0x0480  TDPIPE - ok
09:49:45.0750 0x0480  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:49:46.0875 0x0480  TDTCP - ok
09:49:46.0921 0x0480  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:49:47.0484 0x0480  TermDD - ok
09:49:47.0562 0x0480  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService     C:\WINDOWS\System32\termsrv.dll
09:49:47.0781 0x0480  TermService - ok
09:49:47.0828 0x0480  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:49:47.0906 0x0480  Themes - ok
09:49:47.0968 0x0480  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
09:49:48.0140 0x0480  TlntSvr - ok
09:49:48.0140 0x0480  TosIde - ok
09:49:48.0203 0x0480  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:49:48.0625 0x0480  TrkWks - ok
09:49:48.0703 0x0480  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:49:48.0828 0x0480  Udfs - ok
09:49:48.0828 0x0480  ultra - ok
09:49:48.0921 0x0480  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:49:49.0109 0x0480  Update - ok
09:49:49.0203 0x0480  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:49:49.0531 0x0480  upnphost - ok
09:49:49.0546 0x0480  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS             C:\WINDOWS\System32\ups.exe
09:49:49.0796 0x0480  UPS - ok
09:49:49.0859 0x0480  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:49:49.0984 0x0480  usbccgp - ok
09:49:50.0031 0x0480  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:49:50.0046 0x0480  usbehci - ok
09:49:50.0125 0x0480  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:49:50.0609 0x0480  usbhub - ok
09:49:50.0656 0x0480  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:49:50.0843 0x0480  usbprint - ok
09:49:50.0875 0x0480  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:49:51.0453 0x0480  USBSTOR - ok
09:49:51.0750 0x0480  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:49:51.0906 0x0480  usbuhci - ok
09:49:51.0953 0x0480  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:49:52.0078 0x0480  VgaSave - ok
09:49:52.0093 0x0480  ViaIde - ok
09:49:52.0140 0x0480  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:49:52.0296 0x0480  VolSnap - ok
09:49:52.0421 0x0480  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS             C:\WINDOWS\System32\vssvc.exe
09:49:52.0609 0x0480  VSS - ok
09:49:52.0906 0x0480  [ D6006DE6A6ED423D8016A03BC50CBE6B, DB146F82185274433A474AEFF84EAE517200B9A63F0963348E96BFE8D5454E54 ] w29n51          C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:49:53.0265 0x0480  w29n51 - ok
09:49:53.0312 0x0480  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time         C:\WINDOWS\system32\w32time.dll
09:49:53.0578 0x0480  W32Time - ok
09:49:53.0609 0x0480  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:49:53.0718 0x0480  Wanarp - ok
09:49:53.0718 0x0480  WDICA - ok
09:49:53.0734 0x0480  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:49:53.0890 0x0480  wdmaud - ok
09:49:53.0921 0x0480  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:49:54.0031 0x0480  WebClient - ok
09:49:54.0234 0x0480  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:49:54.0421 0x0480  winmgmt - ok
09:49:54.0500 0x0480  [ 8880769B9F88918E27F8E7332AA1AA01, 5620C9EE1C3E570B289A3C9DF731CD7EA680426FF8673E76DBCDC60C0B915477 ] WLANKEEPER      C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
09:49:54.0578 0x0480  WLANKEEPER - detected UnsignedFile.Multi.Generic ( 1 )
09:49:54.0765 0x0480  Detect skipped due to KSN trusted
09:49:54.0781 0x0480  WLANKEEPER - ok
09:49:54.0781 0x0480  wltrysvc - ok
09:49:54.0843 0x0480  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
09:49:54.0937 0x0480  WmdmPmSN - ok
09:49:55.0046 0x0480  [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi             C:\WINDOWS\System32\advapi32.dll
09:49:55.0250 0x0480  Wmi - ok
09:49:55.0296 0x0480  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:49:55.0640 0x0480  WmiApSrv - ok
09:49:55.0781 0x0480  [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
09:49:55.0921 0x0480  WMPNetworkSvc - ok
09:49:55.0953 0x0480  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:49:55.0984 0x0480  WpdUsb - ok
09:49:56.0109 0x0480  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:49:56.0156 0x0480  WPFFontCache_v0400 - ok
09:49:56.0234 0x0480  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:49:56.0468 0x0480  wscsvc - ok
09:49:56.0515 0x0480  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:49:56.0718 0x0480  wuauserv - ok
09:49:56.0796 0x0480  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:49:56.0859 0x0480  WudfPf - ok
09:49:56.0875 0x0480  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:49:56.0921 0x0480  WudfRd - ok
09:49:56.0968 0x0480  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
09:49:57.0031 0x0480  WudfSvc - ok
09:49:57.0109 0x0480  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:49:57.0468 0x0480  WZCSVC - ok
09:49:57.0562 0x0480  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:49:57.0687 0x0480  xmlprov - ok
09:49:57.0703 0x0480  ================ Scan global ===============================
09:49:57.0750 0x0480  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
09:49:58.0703 0x0480  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
09:49:58.0734 0x0480  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
09:49:58.0828 0x0480  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
09:49:58.0843 0x0480  [ Global ] - ok
09:49:58.0843 0x0480  ================ Scan MBR ==================================
09:49:58.0875 0x0480  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
09:49:59.0296 0x0480  \Device\Harddisk0\DR0 - ok
09:49:59.0296 0x0480  ================ Scan VBR ==================================
09:49:59.0296 0x0480  [ 76C1AB3223AF418A267C2A5506BEB975 ] \Device\Harddisk0\DR0\Partition1
09:49:59.0296 0x0480  \Device\Harddisk0\DR0\Partition1 - ok
09:49:59.0296 0x0480  ================ Scan generic autorun ======================
09:49:59.0406 0x0480  [ 0E81905F53B1A2A41558519CDCDC9C61, 50C48BE7FC37FE15D721659A0EA74C968B42E053F50CB52E4A7D873351EB59DE ] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
09:49:59.0500 0x0480  IntelZeroConfig - detected UnsignedFile.Multi.Generic ( 1 )
09:49:59.0687 0x0480  Detect skipped due to KSN trusted
09:49:59.0687 0x0480  IntelZeroConfig - ok
09:50:00.0718 0x0480  [ F8A99D6F2C65C83D9E419164D427F1C6, 42C5249AC6DBB1D60DEE04942A522F5EE9D25B4AD62C28741A33D5A1F870A889 ] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
09:50:01.0468 0x0480  IntelWireless - detected UnsignedFile.Multi.Generic ( 1 )
09:50:01.0625 0x0480  Detect skipped due to KSN trusted
09:50:01.0625 0x0480  IntelWireless - ok
09:50:01.0859 0x0480  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
09:50:04.0656 0x0480  Adobe ARM - ok
09:50:04.0875 0x0480  [ E558CDE2913DAA077D4E25732D1AA176, 9A889C1E1EFC85BEEEF184E31888CAA0BC34365C7594543E8798531B4BB9EFB6 ] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
09:50:05.0156 0x0480  HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )
09:50:05.0500 0x0480  Detect skipped due to KSN trusted
09:50:05.0500 0x0480  HP Software Update - ok
09:50:05.0562 0x0480  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
09:50:05.0718 0x0480  CTFMON.EXE - ok
09:50:05.0718 0x0480  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
09:50:05.0875 0x0480  CTFMON.EXE - ok
09:50:05.0890 0x0480  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
09:50:06.0062 0x0480  ctfmon.exe - ok
09:50:06.0062 0x0480  Waiting for KSN requests completion. In queue: 4
09:50:07.0125 0x0480  AV detected via SS1: Avira Desktop, 14.0.7.462, disabled, updated
09:50:07.0140 0x0480  Win FW state via NFM: disabled
09:50:07.0343 0x0480  ============================================================
09:50:07.0343 0x0480  Scan finished
09:50:07.0343 0x0480  ============================================================
09:50:07.0375 0x04ec  Detected object count: 2
09:50:07.0375 0x04ec  Actual detected object count: 2
09:50:29.0796 0x04ec  d89bd8cd32fcaf20 ( Rootkit.Win32.Necurs.gen ) - skipped by user
09:50:29.0796 0x04ec  d89bd8cd32fcaf20 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
09:50:29.0796 0x04ec  syshost32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
09:50:29.0796 0x04ec  syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         

08.01.2015, 10:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 

For all detections:

Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is selected!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.01.2015, 13:42   #9
hitboxer
 
Code:
14:34:22.0484 0x0f54  ============================================================
14:34:22.0484 0x0f54  Scan started
14:34:22.0484 0x0f54  Mode: Manual; SigCheck; TDLFS; 
14:34:22.0484 0x0f54  ============================================================
14:34:22.0484 0x0f54  KSN ping started
14:34:22.0750 0x0f54  KSN ping finished: true
14:34:25.0515 0x0f54  ================ Scan system memory ========================
14:34:26.0546 0x0f54  System memory - ok
14:34:26.0546 0x0f54  ================ Scan services =============================
14:34:26.0750 0x0f54  Abiosdsk - ok
14:34:26.0750 0x0f54  abp480n5 - ok
14:34:26.0812 0x0f54  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:34:27.0421 0x0f54  ACPI - ok
14:34:27.0703 0x0f54  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:34:27.0828 0x0f54  ACPIEC - ok
14:34:27.0921 0x0f54  [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:34:27.0953 0x0f54  AdobeFlashPlayerUpdateSvc - ok
14:34:27.0953 0x0f54  adpu160m - ok
14:34:27.0984 0x0f54  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:34:28.0171 0x0f54  aec - ok
14:34:28.0265 0x0f54  [ 375EB0B97E3950ADEF3633C27A82438B, A79AF11EFAFFAB0CBB0A7A21AD53072C44EFA2EB375981201DE1EF03F3564A12 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:34:28.0281 0x0f54  AegisP - detected UnsignedFile.Multi.Generic ( 1 )
14:34:28.0281 0x0f54  Detect skipped due to KSN trusted
14:34:28.0281 0x0f54  AegisP - ok
14:34:28.0343 0x0f54  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:34:28.0406 0x0f54  AFD - ok
14:34:28.0406 0x0f54  Aha154x - ok
14:34:28.0421 0x0f54  aic78u2 - ok
14:34:28.0421 0x0f54  aic78xx - ok
14:34:28.0468 0x0f54  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:34:28.0671 0x0f54  Alerter - ok
14:34:28.0718 0x0f54  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG             C:\WINDOWS\System32\alg.exe
14:34:28.0937 0x0f54  ALG - ok
14:34:28.0937 0x0f54  AliIde - ok
14:34:28.0937 0x0f54  amsint - ok
14:34:29.0109 0x0f54  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
14:34:29.0140 0x0f54  AntiVirSchedulerService - ok
14:34:29.0203 0x0f54  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:34:29.0234 0x0f54  AntiVirService - ok
14:34:29.0281 0x0f54  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:34:29.0390 0x0f54  AppMgmt - ok
14:34:29.0390 0x0f54  asc - ok
14:34:29.0390 0x0f54  asc3350p - ok
14:34:29.0406 0x0f54  asc3550 - ok
14:34:29.0562 0x0f54  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:34:29.0593 0x0f54  aspnet_state - ok
14:34:29.0656 0x0f54  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:34:29.0843 0x0f54  AsyncMac - ok
14:34:29.0890 0x0f54  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:34:30.0093 0x0f54  atapi - ok
14:34:30.0109 0x0f54  Atdisk - ok
14:34:30.0218 0x0f54  [ DFEA480EE09BDEB7F51244900170E173, 60B2D97DB6E806176D44A52707E7ED1E36C911B88FF36D0F43C24BD5DDE28CBD ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:34:30.0312 0x0f54  Ati HotKey Poller - ok
14:34:30.0437 0x0f54  [ 2A6C99CFDC23C9C26D0E30B1C99748D4, ADA8FC9C0B308FC6175947AC716AC463B5A575D7F94720359BF7BBB4ED69F47F ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:34:30.0578 0x0f54  ati2mtag - ok
14:34:30.0625 0x0f54  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:34:30.0843 0x0f54  Atmarpc - ok
14:34:30.0890 0x0f54  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:34:31.0015 0x0f54  AudioSrv - ok
14:34:31.0062 0x0f54  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:34:31.0171 0x0f54  audstub - ok
14:34:31.0234 0x0f54  [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:34:31.0250 0x0f54  avgntflt - ok
14:34:31.0312 0x0f54  [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:34:31.0328 0x0f54  avipbb - ok
14:34:31.0406 0x0f54  [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
14:34:31.0437 0x0f54  Avira.OE.ServiceHost - ok
14:34:31.0500 0x0f54  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:34:31.0515 0x0f54  avkmgr - ok
14:34:31.0609 0x0f54  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:34:32.0171 0x0f54  Beep - ok
14:34:32.0234 0x0f54  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS            C:\WINDOWS\system32\qmgr.dll
14:34:32.0453 0x0f54  BITS - ok
14:34:32.0515 0x0f54  [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser         C:\WINDOWS\System32\browser.dll
14:34:32.0578 0x0f54  Browser - ok
14:34:32.0625 0x0f54  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:34:32.0875 0x0f54  cbidf2k - ok
14:34:32.0875 0x0f54  cd20xrnt - ok
14:34:32.0890 0x0f54  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:34:33.0015 0x0f54  Cdaudio - ok
14:34:33.0046 0x0f54  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:34:33.0171 0x0f54  Cdfs - ok
14:34:33.0234 0x0f54  [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:34:33.0281 0x0f54  Cdrom - ok
14:34:33.0296 0x0f54  [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
14:34:33.0312 0x0f54  cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
14:34:33.0312 0x0f54  Detect skipped due to KSN trusted
14:34:33.0312 0x0f54  cercsr6 - ok
14:34:33.0328 0x0f54  Changer - ok
14:34:33.0359 0x0f54  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:34:33.0484 0x0f54  CiSvc - ok
14:34:33.0515 0x0f54  [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:34:33.0625 0x0f54  ClipSrv - ok
14:34:33.0718 0x0f54  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:34:33.0750 0x0f54  clr_optimization_v2.0.50727_32 - ok
14:34:33.0812 0x0f54  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:34:33.0828 0x0f54  clr_optimization_v4.0.30319_32 - ok
14:34:33.0875 0x0f54  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:34:34.0015 0x0f54  CmBatt - ok
14:34:34.0031 0x0f54  CmdIde - ok
14:34:34.0062 0x0f54  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:34:34.0171 0x0f54  Compbatt - ok
14:34:34.0171 0x0f54  COMSysApp - ok
14:34:34.0187 0x0f54  Cpqarray - ok
14:34:34.0265 0x0f54  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:34:34.0406 0x0f54  CryptSvc - ok
14:34:34.0406 0x0f54  Suspicious service (NoAccess): d89bd8cd32fcaf20
14:34:34.0453 0x0f54  [ FE5D63B48D52F62F0FCC38B8F3EE86CD, EC426B6486A45EEA68C04AEED23C810CB7A15ED6C5A6CD08E047A1CFA91F159D ] d89bd8cd32fcaf20 C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys
14:34:34.0453 0x0f54  Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys. md5: FE5D63B48D52F62F0FCC38B8F3EE86CD, sha256: EC426B6486A45EEA68C04AEED23C810CB7A15ED6C5A6CD08E047A1CFA91F159D
14:34:34.0468 0x0f54  d89bd8cd32fcaf20 - detected Rootkit.Win32.Necurs.gen ( 0 )
14:34:34.0468 0x0f54  d89bd8cd32fcaf20 ( Rootkit.Win32.Necurs.gen ) - infected
14:34:34.0468 0x0f54  Force sending object to P2P due to detect: d89bd8cd32fcaf20
14:34:34.0468 0x0f54  Object send P2P result: false
14:34:34.0468 0x0f54  dac2w2k - ok
14:34:34.0484 0x0f54  dac960nt - ok
14:34:34.0562 0x0f54  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:34:34.0640 0x0f54  DcomLaunch - ok
14:34:34.0703 0x0f54  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:34:34.0953 0x0f54  Dhcp - ok
14:34:34.0968 0x0f54  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:34:35.0078 0x0f54  Disk - ok
14:34:35.0078 0x0f54  dmadmin - ok
14:34:35.0187 0x0f54  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:34:35.0328 0x0f54  dmboot - ok
14:34:35.0375 0x0f54  [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:34:35.0500 0x0f54  dmio - ok
14:34:35.0531 0x0f54  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:34:35.0625 0x0f54  dmload - ok
14:34:35.0671 0x0f54  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:34:35.0796 0x0f54  dmserver - ok
14:34:35.0828 0x0f54  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:34:35.0953 0x0f54  DMusic - ok
14:34:35.0984 0x0f54  [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:34:36.0031 0x0f54  Dnscache - ok
14:34:36.0078 0x0f54  [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:34:36.0187 0x0f54  Dot3svc - ok
14:34:36.0234 0x0f54  [ BD05306428DA63369692477DDC0F6F5F, DE2FC729A64695AF604D2DC64DF2A0C89598EB81E6D9953732B23E509116C398 ] Dot4Scan        C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
14:34:36.0406 0x0f54  Dot4Scan - ok
14:34:36.0406 0x0f54  dpti2o - ok
14:34:36.0437 0x0f54  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:34:36.0578 0x0f54  drmkaud - ok
14:34:36.0609 0x0f54  [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:34:36.0750 0x0f54  EapHost - ok
14:34:36.0796 0x0f54  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:34:36.0906 0x0f54  ERSvc - ok
14:34:36.0953 0x0f54  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog        C:\WINDOWS\system32\services.exe
14:34:37.0000 0x0f54  Eventlog - ok
14:34:37.0046 0x0f54  [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem     C:\WINDOWS\system32\es.dll
14:34:37.0062 0x0f54  EventSystem - ok
14:34:37.0218 0x0f54  [ 4C6FA3FD55087B7C35707068723A1710, C9595A1962AD98A68FF31428543E86494FE76A4CB11040DBCF46C203DB60FA45 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
14:34:37.0296 0x0f54  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
14:34:37.0296 0x0f54  Detect skipped due to KSN trusted
14:34:37.0296 0x0f54  EvtEng - ok
14:34:37.0328 0x0f54  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:34:37.0468 0x0f54  Fastfat - ok
14:34:37.0531 0x0f54  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:34:37.0562 0x0f54  FastUserSwitchingCompatibility - ok
14:34:37.0609 0x0f54  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:34:37.0765 0x0f54  Fdc - ok
14:34:37.0796 0x0f54  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:34:37.0953 0x0f54  Fips - ok
14:34:37.0968 0x0f54  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:34:38.0125 0x0f54  Flpydisk - ok
14:34:38.0187 0x0f54  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:34:38.0375 0x0f54  FltMgr - ok
14:34:38.0453 0x0f54  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:34:38.0468 0x0f54  FontCache3.0.0.0 - ok
14:34:38.0484 0x0f54  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:34:38.0640 0x0f54  Fs_Rec - ok
14:34:38.0656 0x0f54  [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:34:38.0843 0x0f54  Ftdisk - ok
14:34:38.0875 0x0f54  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:34:39.0046 0x0f54  Gpc - ok
14:34:39.0156 0x0f54  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:34:39.0328 0x0f54  helpsvc - ok
14:34:39.0390 0x0f54  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:34:39.0593 0x0f54  HidServ - ok
14:34:39.0625 0x0f54  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:34:39.0796 0x0f54  hidusb - ok
14:34:39.0859 0x0f54  [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:34:40.0031 0x0f54  hkmsvc - ok
14:34:40.0046 0x0f54  hpn - ok
14:34:40.0109 0x0f54  [ 32FE92018E28DF54BF94D41FC7FF92AC, 13112E1773B58C89D65DAB6A9C593C698612A4C265038AE7CCDE01730F4AAD7C ] HPPLSBULK       C:\WINDOWS\system32\drivers\hpplsbulk.sys
14:34:40.0140 0x0f54  HPPLSBULK - ok
14:34:40.0156 0x0f54  [ 30CA91E657CEDE2F95359D6EF186F650, 6BBAFBE50E7819695A79586A086A9952B737E174BA2C63C1F180D97EC4AABA4B ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:34:40.0187 0x0f54  HPZid412 - ok
14:34:40.0203 0x0f54  [ EFD31AFA752AA7C7BBB57BCBE2B01C78, AC671CEE9F8DD9FE6C51069212AEB1736BB914361D4185D1E87068D244BF2B7A ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:34:40.0234 0x0f54  HPZipr12 - ok
14:34:40.0250 0x0f54  [ 7AC43C38CA8FD7ED0B0A4466F753E06E, B4D44B366170D247E0145B9435CC678BEE2A2A42CFF7B485E077B3B582557B5A ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:34:40.0296 0x0f54  HPZius12 - ok
14:34:40.0359 0x0f54  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:34:40.0421 0x0f54  HTTP - ok
14:34:40.0453 0x0f54  [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:34:40.0625 0x0f54  HTTPFilter - ok
14:34:40.0625 0x0f54  i2omgmt - ok
14:34:40.0640 0x0f54  i2omp - ok
14:34:40.0671 0x0f54  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:34:40.0875 0x0f54  i8042prt - ok
14:34:41.0046 0x0f54  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:34:41.0140 0x0f54  idsvc - ok
14:34:41.0156 0x0f54  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:34:41.0328 0x0f54  Imapi - ok
14:34:41.0406 0x0f54  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:34:41.0703 0x0f54  ImapiService - ok
14:34:41.0718 0x0f54  ini910u - ok
14:34:41.0765 0x0f54  [ 69C4E3C9E67A1F103B94E14FDD5F3213, 894ABDDBF95E3FFE59A4621AF94AFA7E6F6D780420845078622C76624C0326D2 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:34:41.0953 0x0f54  IntelIde - ok
14:34:42.0406 0x0f54  [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:34:42.0531 0x0f54  intelppm - ok
14:34:42.0546 0x0f54  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
14:34:42.0640 0x0f54  Ip6Fw - ok
14:34:42.0687 0x0f54  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:34:42.0812 0x0f54  IpFilterDriver - ok
14:34:42.0859 0x0f54  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:34:42.0968 0x0f54  IpInIp - ok
14:34:43.0015 0x0f54  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:34:43.0156 0x0f54  IpNat - ok
14:34:43.0203 0x0f54  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:34:43.0328 0x0f54  IPSec - ok
14:34:43.0343 0x0f54  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:34:43.0468 0x0f54  IRENUM - ok
14:34:43.0500 0x0f54  [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:34:43.0609 0x0f54  isapnp - ok
14:34:43.0734 0x0f54  [ 4F4D4AA1E0849FECC0CF5AACD59030B5, F90F33F59926A8F3599B2711C3F4D8F638068D3BE83B390CECD81F9F71DA0DE2 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:34:43.0765 0x0f54  JavaQuickStarterService - ok
14:34:43.0796 0x0f54  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:34:43.0937 0x0f54  Kbdclass - ok
14:34:43.0953 0x0f54  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:34:44.0093 0x0f54  kbdhid - ok
14:34:44.0156 0x0f54  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:34:44.0406 0x0f54  kmixer - ok
14:34:44.0453 0x0f54  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:34:44.0500 0x0f54  KSecDD - ok
14:34:44.0546 0x0f54  [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:34:44.0578 0x0f54  lanmanserver - ok
14:34:44.0625 0x0f54  [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:34:44.0640 0x0f54  lanmanworkstation - ok
14:34:44.0640 0x0f54  lbrtfdc - ok
14:34:44.0687 0x0f54  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:34:44.0812 0x0f54  LmHosts - ok
14:34:44.0937 0x0f54  [ C3ED67C05F3923F9A8FEBA7A996337E1, 0A092A22339A9BFFAAB4A8A7C795480C058C0360C743BDF5D5DE042825F464A7 ] McComponentHostService C:\Programme\McAfee Security Scan\3.8.150\McCHSvc.exe
14:34:44.0953 0x0f54  McComponentHostService - ok
14:34:44.0984 0x0f54  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:34:45.0078 0x0f54  Messenger - ok
14:34:45.0187 0x0f54  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:34:45.0343 0x0f54  mnmdd - ok
14:34:45.0390 0x0f54  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:34:45.0546 0x0f54  mnmsrvc - ok
14:34:45.0578 0x0f54  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:34:45.0718 0x0f54  Modem - ok
14:34:45.0750 0x0f54  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:34:45.0953 0x0f54  Mouclass - ok
14:34:45.0968 0x0f54  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:34:46.0171 0x0f54  mouhid - ok
14:34:46.0203 0x0f54  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:34:46.0375 0x0f54  MountMgr - ok
14:34:46.0453 0x0f54  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:34:46.0468 0x0f54  MozillaMaintenance - ok
14:34:46.0468 0x0f54  mraid35x - ok
14:34:46.0484 0x0f54  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:34:46.0609 0x0f54  MRxDAV - ok
14:34:46.0671 0x0f54  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:34:46.0734 0x0f54  MRxSmb - ok
14:34:46.0765 0x0f54  [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:34:46.0875 0x0f54  MSDTC - ok
14:34:46.0875 0x0f54  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:34:47.0046 0x0f54  Msfs - ok
14:34:47.0062 0x0f54  MSIServer - ok
14:34:47.0093 0x0f54  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:34:47.0203 0x0f54  MSKSSRV - ok
14:34:47.0234 0x0f54  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:34:47.0328 0x0f54  MSPCLOCK - ok
14:34:47.0343 0x0f54  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:34:47.0453 0x0f54  MSPQM - ok
14:34:47.0484 0x0f54  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:34:47.0593 0x0f54  mssmbios - ok
14:34:47.0625 0x0f54  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:34:47.0656 0x0f54  Mup - ok
14:34:47.0718 0x0f54  [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:34:47.0828 0x0f54  napagent - ok
14:34:47.0859 0x0f54  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:34:48.0000 0x0f54  NDIS - ok
14:34:48.0046 0x0f54  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:34:48.0062 0x0f54  NdisTapi - ok
14:34:48.0062 0x0f54  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:34:48.0171 0x0f54  Ndisuio - ok
14:34:48.0187 0x0f54  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:34:48.0312 0x0f54  NdisWan - ok
14:34:48.0328 0x0f54  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:34:48.0375 0x0f54  NDProxy - ok
14:34:48.0406 0x0f54  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:34:48.0500 0x0f54  NetBIOS - ok
14:34:48.0531 0x0f54  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:34:48.0656 0x0f54  NetBT - ok
14:34:48.0703 0x0f54  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:34:48.0812 0x0f54  NetDDE - ok
14:34:48.0828 0x0f54  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:34:48.0937 0x0f54  NetDDEdsdm - ok
14:34:49.0031 0x0f54  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:34:49.0125 0x0f54  Netlogon - ok
14:34:49.0156 0x0f54  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman          C:\WINDOWS\System32\netman.dll
14:34:49.0281 0x0f54  Netman - ok
14:34:49.0328 0x0f54  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:34:49.0343 0x0f54  NetTcpPortSharing - ok
14:34:49.0406 0x0f54  [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:34:49.0468 0x0f54  Nla - ok
14:34:49.0500 0x0f54  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:34:49.0625 0x0f54  Npfs - ok
14:34:49.0703 0x0f54  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:34:49.0906 0x0f54  Ntfs - ok
14:34:49.0921 0x0f54  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:34:50.0062 0x0f54  NtLmSsp - ok
14:34:50.0156 0x0f54  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:34:50.0359 0x0f54  NtmsSvc - ok
14:34:50.0406 0x0f54  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:34:50.0531 0x0f54  Null - ok
14:34:50.0578 0x0f54  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:34:50.0750 0x0f54  NwlnkFlt - ok
14:34:50.0765 0x0f54  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:34:50.0890 0x0f54  NwlnkFwd - ok
14:34:50.0984 0x0f54  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:34:51.0000 0x0f54  ose - ok
14:34:51.0062 0x0f54  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:34:51.0171 0x0f54  Parport - ok
14:34:51.0203 0x0f54  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:34:51.0328 0x0f54  PartMgr - ok
14:34:51.0359 0x0f54  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:34:51.0500 0x0f54  ParVdm - ok
14:34:51.0500 0x0f54  [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:34:51.0734 0x0f54  PCI - ok
14:34:51.0750 0x0f54  PCIDump - ok
14:34:51.0796 0x0f54  [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:34:51.0921 0x0f54  PCIIde - ok
14:34:51.0921 0x0f54  [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:34:52.0046 0x0f54  Pcmcia - ok
14:34:52.0046 0x0f54  PDCOMP - ok
14:34:52.0062 0x0f54  PDFRAME - ok
14:34:52.0062 0x0f54  PDRELI - ok
14:34:52.0078 0x0f54  PDRFRAME - ok
14:34:52.0078 0x0f54  perc2 - ok
14:34:52.0093 0x0f54  perc2hib - ok
14:34:52.0140 0x0f54  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay        C:\WINDOWS\system32\services.exe
14:34:52.0171 0x0f54  PlugPlay - ok
14:34:52.0218 0x0f54  [ B489E534D30F95C6240C7FB6C9BF9EC5, 6AD448CA6933546A49E8560D399F75EEA1D1EDA6476ECDCA918C061466287279 ] Pml Driver HPZ12 C:\WINDOWS\system32\hpzipm12.exe
14:34:52.0234 0x0f54  Pml Driver HPZ12 - ok
14:34:52.0234 0x0f54  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:34:52.0343 0x0f54  PolicyAgent - ok
14:34:52.0359 0x0f54  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:34:52.0484 0x0f54  PptpMiniport - ok
14:34:52.0484 0x0f54  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:34:52.0578 0x0f54  ProtectedStorage - ok
14:34:52.0593 0x0f54  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:34:52.0718 0x0f54  PSched - ok
14:34:52.0750 0x0f54  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:34:52.0859 0x0f54  Ptilink - ok
14:34:52.0875 0x0f54  ql1080 - ok
14:34:52.0875 0x0f54  Ql10wnt - ok
14:34:52.0890 0x0f54  ql12160 - ok
14:34:52.0890 0x0f54  ql1240 - ok
14:34:52.0906 0x0f54  ql1280 - ok
14:34:52.0937 0x0f54  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:34:53.0062 0x0f54  RasAcd - ok
14:34:53.0109 0x0f54  [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:34:53.0234 0x0f54  RasAuto - ok
14:34:53.0281 0x0f54  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:34:53.0421 0x0f54  Rasl2tp - ok
14:34:53.0484 0x0f54  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:34:53.0640 0x0f54  RasMan - ok
14:34:53.0656 0x0f54  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:34:53.0796 0x0f54  RasPppoe - ok
14:34:53.0812 0x0f54  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:34:53.0968 0x0f54  Raspti - ok
14:34:54.0000 0x0f54  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:34:54.0125 0x0f54  Rdbss - ok
14:34:54.0140 0x0f54  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:34:54.0250 0x0f54  RDPCDD - ok
14:34:54.0312 0x0f54  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:34:54.0421 0x0f54  rdpdr - ok
14:34:54.0500 0x0f54  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:34:54.0734 0x0f54  RDPWD - ok
14:34:54.0781 0x0f54  [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:34:54.0937 0x0f54  RDSessMgr - ok
14:34:54.0968 0x0f54  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:34:55.0125 0x0f54  redbook - ok
14:34:55.0156 0x0f54  [ 8AC155995F5D10FC0D3AD949A1A68075, AF66B760897F2CF6352D726752BF02A64F99EF843906EF2E4C1A63731F6A938E ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
14:34:55.0203 0x0f54  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
14:34:55.0203 0x0f54  Detect skipped due to KSN trusted
14:34:55.0203 0x0f54  RegSrvc - ok
14:34:55.0250 0x0f54  [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:34:55.0406 0x0f54  RemoteAccess - ok
14:34:55.0437 0x0f54  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:34:55.0578 0x0f54  RemoteRegistry - ok
14:34:55.0593 0x0f54  [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:34:55.0750 0x0f54  RpcLocator - ok
14:34:55.0796 0x0f54  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:34:55.0843 0x0f54  RpcSs - ok
14:34:55.0859 0x0f54  [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:34:55.0984 0x0f54  RSVP - ok
14:34:56.0078 0x0f54  [ 131D50F081D2E29EBD1365B21F6B9736, 402A92A5606C207E38D9AD378C39FC630B177C05D93F1648ADF3329F84DA2908 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
14:34:56.0171 0x0f54  S24EventMonitor - detected UnsignedFile.Multi.Generic ( 1 )
14:34:56.0171 0x0f54  Detect skipped due to KSN trusted
14:34:56.0171 0x0f54  S24EventMonitor - ok
14:34:56.0203 0x0f54  [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4, 4A9EA5F875F2FF5C5EB551EDAFD5153F024576F40983D8450D3184583A3F2B2F ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:34:56.0218 0x0f54  s24trans - detected UnsignedFile.Multi.Generic ( 1 )
14:34:56.0218 0x0f54  Detect skipped due to KSN trusted
14:34:56.0218 0x0f54  s24trans - ok
14:34:56.0250 0x0f54  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:34:56.0375 0x0f54  SamSs - ok
14:34:56.0390 0x0f54  [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:34:56.0546 0x0f54  SCardSvr - ok
14:34:56.0593 0x0f54  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:34:56.0703 0x0f54  Schedule - ok
14:34:56.0750 0x0f54  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:34:56.0843 0x0f54  Secdrv - ok
14:34:56.0859 0x0f54  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:34:56.0968 0x0f54  seclogon - ok
14:34:56.0984 0x0f54  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            C:\WINDOWS\system32\sens.dll
14:34:57.0109 0x0f54  SENS - ok
14:34:57.0140 0x0f54  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:34:57.0234 0x0f54  serenum - ok
14:34:57.0265 0x0f54  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:34:57.0390 0x0f54  Serial - ok
14:34:57.0437 0x0f54  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:34:57.0578 0x0f54  Sfloppy - ok
14:34:57.0625 0x0f54  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:34:57.0750 0x0f54  SharedAccess - ok
14:34:57.0781 0x0f54  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:34:57.0812 0x0f54  ShellHWDetection - ok
14:34:57.0812 0x0f54  Simbad - ok
14:34:57.0875 0x0f54  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:34:57.0984 0x0f54  SONYPVU1 - ok
14:34:58.0000 0x0f54  Sparrow - ok
14:34:58.0031 0x0f54  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:34:58.0171 0x0f54  splitter - ok
14:34:58.0218 0x0f54  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:34:58.0265 0x0f54  Spooler - ok
14:34:58.0312 0x0f54  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:34:58.0468 0x0f54  sr - ok
14:34:58.0515 0x0f54  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice       C:\WINDOWS\system32\srsvc.dll
14:34:58.0718 0x0f54  srservice - ok
14:34:58.0828 0x0f54  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:34:58.0906 0x0f54  Srv - ok
14:34:58.0921 0x0f54  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:34:59.0125 0x0f54  SSDPSRV - ok
14:34:59.0156 0x0f54  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:34:59.0187 0x0f54  ssmdrv - ok
14:34:59.0281 0x0f54  [ 305CC42945A713347F978D78566113F3, 92D95E1DCCAA5E31AADB061EB7B531337975974961211BFB7C542FB799348034 ] STAC97          C:\WINDOWS\system32\drivers\STAC97.sys
14:34:59.0328 0x0f54  STAC97 - ok
14:34:59.0390 0x0f54  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:34:59.0687 0x0f54  stisvc - ok
14:34:59.0718 0x0f54  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:34:59.0859 0x0f54  swenum - ok
14:34:59.0906 0x0f54  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:35:00.0000 0x0f54  swmidi - ok
14:35:00.0015 0x0f54  SwPrv - ok
14:35:00.0015 0x0f54  symc810 - ok
14:35:00.0031 0x0f54  symc8xx - ok
14:35:00.0031 0x0f54  sym_hi - ok
14:35:00.0046 0x0f54  sym_u3 - ok
14:35:00.0078 0x0f54  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:35:00.0187 0x0f54  sysaudio - ok
14:35:00.0296 0x0f54  [ 5E855A5ADED6A4642B1F754F3A17F74C, 23AF825E4AE3396F5F396305602A883579FE06DE7B3A5FBDED0952921EC9728C ] syshost32       C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe
14:35:00.0296 0x0f54  Suspicious file ( NoAccess ): C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe. md5: 5E855A5ADED6A4642B1F754F3A17F74C, sha256: 23AF825E4AE3396F5F396305602A883579FE06DE7B3A5FBDED0952921EC9728C
14:35:00.0296 0x0f54  syshost32 - detected LockedFile.Multi.Generic ( 1 )
14:35:00.0296 0x0f54  Detect turned to UDS exact due to KSN untrusted
14:35:00.0296 0x0f54  syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
14:35:00.0296 0x0f54  Force sending object to P2P due to detect: syshost32
14:35:00.0296 0x0f54  Object send P2P result: false
14:35:00.0343 0x0f54  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:35:00.0468 0x0f54  SysmonLog - ok
14:35:00.0515 0x0f54  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:35:00.0687 0x0f54  TapiSrv - ok
14:35:00.0750 0x0f54  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:35:00.0812 0x0f54  Tcpip - ok
14:35:00.0859 0x0f54  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:35:01.0000 0x0f54  TDPIPE - ok
14:35:01.0031 0x0f54  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:35:01.0187 0x0f54  TDTCP - ok
14:35:01.0218 0x0f54  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:35:01.0390 0x0f54  TermDD - ok
14:35:01.0437 0x0f54  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService     C:\WINDOWS\System32\termsrv.dll
14:35:02.0296 0x0f54  TermService - ok
14:35:02.0328 0x0f54  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:35:02.0375 0x0f54  Themes - ok
14:35:02.0453 0x0f54  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:35:02.0687 0x0f54  TlntSvr - ok
14:35:02.0703 0x0f54  TosIde - ok
14:35:02.0765 0x0f54  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:35:02.0890 0x0f54  TrkWks - ok
14:35:02.0937 0x0f54  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:35:03.0046 0x0f54  Udfs - ok
14:35:03.0046 0x0f54  ultra - ok
14:35:03.0125 0x0f54  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:35:03.0265 0x0f54  Update - ok
14:35:03.0312 0x0f54  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:35:03.0468 0x0f54  upnphost - ok
14:35:03.0484 0x0f54  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS             C:\WINDOWS\System32\ups.exe
14:35:03.0609 0x0f54  UPS - ok
14:35:03.0656 0x0f54  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:35:03.0687 0x0f54  usbccgp - ok
14:35:03.0734 0x0f54  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:35:03.0750 0x0f54  usbehci - ok
14:35:03.0765 0x0f54  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:35:03.0921 0x0f54  usbhub - ok
14:35:04.0000 0x0f54  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:35:04.0125 0x0f54  usbprint - ok
14:35:04.0156 0x0f54  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:35:04.0312 0x0f54  USBSTOR - ok
14:35:04.0359 0x0f54  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:35:04.0500 0x0f54  usbuhci - ok
14:35:04.0515 0x0f54  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:35:04.0640 0x0f54  VgaSave - ok
14:35:04.0656 0x0f54  ViaIde - ok
14:35:04.0671 0x0f54  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:35:04.0796 0x0f54  VolSnap - ok
14:35:04.0859 0x0f54  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS             C:\WINDOWS\System32\vssvc.exe
14:35:04.0984 0x0f54  VSS - ok
14:35:05.0156 0x0f54  [ D6006DE6A6ED423D8016A03BC50CBE6B, DB146F82185274433A474AEFF84EAE517200B9A63F0963348E96BFE8D5454E54 ] w29n51          C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:35:05.0343 0x0f54  w29n51 - ok
14:35:05.0390 0x0f54  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:35:05.0515 0x0f54  W32Time - ok
14:35:05.0531 0x0f54  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:35:05.0656 0x0f54  Wanarp - ok
14:35:05.0656 0x0f54  WDICA - ok
14:35:05.0687 0x0f54  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:35:05.0828 0x0f54  wdmaud - ok
14:35:05.0843 0x0f54  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:35:05.0968 0x0f54  WebClient - ok
14:35:06.0093 0x0f54  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:35:06.0234 0x0f54  winmgmt - ok
14:35:06.0312 0x0f54  [ 8880769B9F88918E27F8E7332AA1AA01, 5620C9EE1C3E570B289A3C9DF731CD7EA680426FF8673E76DBCDC60C0B915477 ] WLANKEEPER      C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
14:35:06.0343 0x0f54  WLANKEEPER - detected UnsignedFile.Multi.Generic ( 1 )
14:35:06.0343 0x0f54  Detect skipped due to KSN trusted
14:35:06.0343 0x0f54  WLANKEEPER - ok
14:35:06.0343 0x0f54  wltrysvc - ok
14:35:06.0406 0x0f54  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:35:06.0421 0x0f54  WmdmPmSN - ok
14:35:06.0500 0x0f54  [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:35:06.0578 0x0f54  Wmi - ok
14:35:06.0640 0x0f54  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:35:06.0843 0x0f54  WmiApSrv - ok
14:35:06.0984 0x0f54  [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
14:35:07.0109 0x0f54  WMPNetworkSvc - ok
14:35:07.0140 0x0f54  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:35:07.0187 0x0f54  WpdUsb - ok
14:35:07.0328 0x0f54  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:35:07.0437 0x0f54  WPFFontCache_v0400 - ok
14:35:07.0515 0x0f54  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:35:07.0734 0x0f54  wscsvc - ok
14:35:07.0750 0x0f54  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:35:07.0859 0x0f54  wuauserv - ok
14:35:07.0906 0x0f54  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:35:07.0953 0x0f54  WudfPf - ok
14:35:07.0968 0x0f54  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:35:08.0000 0x0f54  WudfRd - ok
14:35:08.0031 0x0f54  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:35:08.0062 0x0f54  WudfSvc - ok
14:35:08.0140 0x0f54  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:35:08.0359 0x0f54  WZCSVC - ok
14:35:08.0406 0x0f54  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:35:08.0593 0x0f54  xmlprov - ok
14:35:08.0593 0x0f54  ================ Scan global ===============================
14:35:08.0656 0x0f54  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
14:35:08.0718 0x0f54  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
14:35:08.0765 0x0f54  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
14:35:08.0828 0x0f54  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
14:35:08.0843 0x0f54  [ Global ] - ok
14:35:08.0843 0x0f54  ================ Scan MBR ==================================
14:35:08.0875 0x0f54  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:35:09.0187 0x0f54  \Device\Harddisk0\DR0 - ok
14:35:09.0187 0x0f54  ================ Scan VBR ==================================
14:35:09.0187 0x0f54  [ 76C1AB3223AF418A267C2A5506BEB975 ] \Device\Harddisk0\DR0\Partition1
14:35:09.0203 0x0f54  \Device\Harddisk0\DR0\Partition1 - ok
14:35:09.0203 0x0f54  ================ Scan generic autorun ======================
14:35:09.0343 0x0f54  [ 0E81905F53B1A2A41558519CDCDC9C61, 50C48BE7FC37FE15D721659A0EA74C968B42E053F50CB52E4A7D873351EB59DE ] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
14:35:09.0468 0x0f54  IntelZeroConfig - detected UnsignedFile.Multi.Generic ( 1 )
14:35:09.0468 0x0f54  Detect skipped due to KSN trusted
14:35:09.0468 0x0f54  IntelZeroConfig - ok
14:35:09.0593 0x0f54  [ F8A99D6F2C65C83D9E419164D427F1C6, 42C5249AC6DBB1D60DEE04942A522F5EE9D25B4AD62C28741A33D5A1F870A889 ] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
14:35:09.0734 0x0f54  IntelWireless - detected UnsignedFile.Multi.Generic ( 1 )
14:35:09.0734 0x0f54  Detect skipped due to KSN trusted
14:35:09.0734 0x0f54  IntelWireless - ok
14:35:09.0937 0x0f54  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
14:35:10.0062 0x0f54  Adobe ARM - ok
14:35:10.0156 0x0f54  [ E558CDE2913DAA077D4E25732D1AA176, 9A889C1E1EFC85BEEEF184E31888CAA0BC34365C7594543E8798531B4BB9EFB6 ] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
14:35:10.0187 0x0f54  HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )
14:35:10.0187 0x0f54  Detect skipped due to KSN trusted
14:35:10.0187 0x0f54  HP Software Update - ok
14:35:10.0234 0x0f54  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
14:35:10.0359 0x0f54  CTFMON.EXE - ok
14:35:10.0359 0x0f54  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
14:35:10.0453 0x0f54  CTFMON.EXE - ok
14:35:10.0468 0x0f54  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
14:35:10.0562 0x0f54  ctfmon.exe - ok
14:35:10.0578 0x0f54  AV detected via SS1: Avira Desktop, 14.0.7.462, disabled, updated
14:35:10.0578 0x0f54  Win FW state via NFM: disabled
14:35:10.0578 0x0f54  ============================================================
14:35:10.0578 0x0f54  Scan finished
14:35:10.0578 0x0f54  ============================================================
14:35:10.0593 0x0338  Detected object count: 2
14:35:10.0593 0x0338  Actual detected object count: 2
14:36:14.0656 0x0338  C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys - copied to quarantine
14:36:14.0656 0x0338  HKLM\SYSTEM\ControlSet001\services\d89bd8cd32fcaf20 - will be deleted on reboot
14:36:14.0687 0x0338  HKLM\SYSTEM\ControlSet003\services\d89bd8cd32fcaf20 - will be deleted on reboot
14:36:14.0687 0x0338  C:\WINDOWS\System32\Drivers\d89bd8cd32fcaf20.sys - will be deleted on reboot
14:36:14.0687 0x0338  d89bd8cd32fcaf20 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
14:36:14.0781 0x0338  C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe - copied to quarantine
14:36:14.0781 0x0338  HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
14:36:14.0781 0x0338  HKLM\SYSTEM\ControlSet003\services\syshost32 - will be deleted on reboot
14:36:14.0781 0x0338  C:\WINDOWS\Installer\{74BA6765-3D0E-627F-797B-B7CD594A2F8F}\syshost.exe - will be deleted on reboot
14:36:14.0781 0x0338  syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
14:36:16.0218 0x0338  KLMD registered as C:\WINDOWS\system32\drivers\93662764.sys
14:36:22.0875 0x0bbc  Deinitialize success
         

08.01.2015, 16:12   #10
schrauber
/// the machine
/// TB Trainer
 




Now run a fresh scan with TDSSKILLER once more and post the log.


Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. To do so, simply follow the instructions and accept the end-user licence.
    With today's malware this is highly recommended, as it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
    Note: If it is already installed, Combofix will continue with the malware removal.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.01.2015, 16:42   #11
hitboxer
 



TDSSKILLER:

Code:
17:45:00.0078 0x0f80  ============================================================
17:45:00.0078 0x0f80  Scan started
17:45:00.0078 0x0f80  Mode: Manual; 
17:45:00.0078 0x0f80  ============================================================
17:45:00.0078 0x0f80  KSN ping started
17:45:00.0406 0x0f80  KSN ping finished: true
17:45:11.0468 0x0f80  ================ Scan system memory ========================
17:45:13.0468 0x0f80  System memory - ok
17:45:13.0484 0x0f80  ================ Scan services =============================
17:45:23.0640 0x0f80  Abiosdsk - ok
17:45:23.0640 0x0f80  abp480n5 - ok
17:45:24.0046 0x0f80  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:45:24.0046 0x0f80  ACPI - ok
17:45:24.0093 0x0f80  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:45:24.0093 0x0f80  ACPIEC - ok
17:45:24.0296 0x0f80  [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:24.0312 0x0f80  AdobeFlashPlayerUpdateSvc - ok
17:45:48.0562 0x0f80  Schedule - ok
17:45:48.0656 0x0f80  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:45:48.0656 0x0f80  Secdrv - ok
17:45:48.0718 0x0f80  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:45:48.0718 0x0f80  seclogon - ok
17:45:48.0781 0x0f80  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            C:\WINDOWS\system32\sens.dll
17:45:48.0781 0x0f80  SENS - ok
17:45:48.0843 0x0f80  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:45:48.0843 0x0f80  serenum - ok
17:45:48.0875 0x0f80  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:45:48.0875 0x0f80  Serial - ok
17:45:48.0953 0x0f80  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:45:48.0953 0x0f80  Sfloppy - ok
17:45:49.0140 0x0f80  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:45:49.0156 0x0f80  SharedAccess - ok
17:45:49.0234 0x0f80  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:45:49.0234 0x0f80  ShellHWDetection - ok
17:45:49.0265 0x0f80  Simbad - ok
17:45:49.0328 0x0f80  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:45:49.0328 0x0f80  SONYPVU1 - ok
17:45:49.0343 0x0f80  Sparrow - ok
17:45:49.0375 0x0f80  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:45:49.0375 0x0f80  splitter - ok
17:45:49.0468 0x0f80  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:45:49.0468 0x0f80  Spooler - ok
17:45:49.0578 0x0f80  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:45:49.0578 0x0f80  sr - ok
17:45:49.0656 0x0f80  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice       C:\WINDOWS\system32\srsvc.dll
17:45:49.0671 0x0f80  srservice - ok
17:45:49.0781 0x0f80  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:45:49.0812 0x0f80  Srv - ok
17:45:49.0890 0x0f80  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:45:49.0890 0x0f80  SSDPSRV - ok
17:45:50.0000 0x0f80  [ 305CC42945A713347F978D78566113F3, 92D95E1DCCAA5E31AADB061EB7B531337975974961211BFB7C542FB799348034 ] STAC97          C:\WINDOWS\system32\drivers\STAC97.sys
17:45:50.0000 0x0f80  STAC97 - ok
17:45:50.0125 0x0f80  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:45:50.0140 0x0f80  stisvc - ok
17:45:50.0187 0x0f80  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:45:50.0187 0x0f80  swenum - ok
17:45:50.0265 0x0f80  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:45:50.0265 0x0f80  swmidi - ok
17:45:50.0296 0x0f80  SwPrv - ok
17:45:50.0312 0x0f80  symc810 - ok
17:45:50.0312 0x0f80  symc8xx - ok
17:45:50.0328 0x0f80  sym_hi - ok
17:45:50.0328 0x0f80  sym_u3 - ok
17:45:50.0359 0x0f80  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:45:50.0375 0x0f80  sysaudio - ok
17:45:50.0437 0x0f80  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:45:50.0437 0x0f80  SysmonLog - ok
17:45:50.0531 0x0f80  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:45:50.0546 0x0f80  TapiSrv - ok
17:45:50.0718 0x0f80  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:45:50.0718 0x0f80  Tcpip - ok
17:45:50.0750 0x0f80  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:45:50.0750 0x0f80  TDPIPE - ok
17:45:50.0781 0x0f80  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:45:50.0781 0x0f80  TDTCP - ok
17:45:50.0843 0x0f80  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:45:50.0843 0x0f80  TermDD - ok
17:45:50.0953 0x0f80  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService     C:\WINDOWS\System32\termsrv.dll
17:45:50.0984 0x0f80  TermService - ok
17:45:51.0046 0x0f80  [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:45:51.0062 0x0f80  Themes - ok
17:45:51.0109 0x0f80  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:45:51.0109 0x0f80  TlntSvr - ok
17:45:51.0125 0x0f80  TosIde - ok
17:45:51.0203 0x0f80  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:45:51.0203 0x0f80  TrkWks - ok
17:45:51.0265 0x0f80  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:45:51.0265 0x0f80  Udfs - ok
17:45:51.0281 0x0f80  ultra - ok
17:45:51.0421 0x0f80  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:45:51.0437 0x0f80  Update - ok
17:45:51.0546 0x0f80  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:45:51.0562 0x0f80  upnphost - ok
17:45:51.0625 0x0f80  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS             C:\WINDOWS\System32\ups.exe
17:45:51.0625 0x0f80  UPS - ok
17:45:51.0843 0x0f80  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:45:51.0843 0x0f80  usbccgp - ok
17:45:52.0203 0x0f80  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:45:52.0203 0x0f80  usbehci - ok
17:45:52.0265 0x0f80  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:45:52.0265 0x0f80  usbhub - ok
17:45:52.0343 0x0f80  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:45:52.0343 0x0f80  usbprint - ok
17:45:52.0406 0x0f80  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:45:52.0421 0x0f80  USBSTOR - ok
17:45:52.0437 0x0f80  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:45:52.0437 0x0f80  usbuhci - ok
17:45:52.0484 0x0f80  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:45:52.0484 0x0f80  VgaSave - ok
17:45:52.0500 0x0f80  ViaIde - ok
17:45:52.0562 0x0f80  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:45:52.0562 0x0f80  VolSnap - ok
17:45:53.0671 0x0f80  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS             C:\WINDOWS\System32\vssvc.exe
17:45:53.0687 0x0f80  VSS - ok
17:45:54.0375 0x0f80  [ D6006DE6A6ED423D8016A03BC50CBE6B, DB146F82185274433A474AEFF84EAE517200B9A63F0963348E96BFE8D5454E54 ] w29n51          C:\WINDOWS\system32\DRIVERS\w29n51.sys
17:45:55.0296 0x0f80  w29n51 - ok
17:45:55.0375 0x0f80  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:45:55.0390 0x0f80  W32Time - ok
17:45:55.0421 0x0f80  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:45:55.0421 0x0f80  Wanarp - ok
17:45:55.0437 0x0f80  WDICA - ok
17:45:55.0484 0x0f80  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:45:55.0484 0x0f80  wdmaud - ok
17:45:55.0562 0x0f80  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:45:55.0562 0x0f80  WebClient - ok
17:45:55.0765 0x0f80  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:45:55.0765 0x0f80  winmgmt - ok
17:45:55.0906 0x0f80  [ 8880769B9F88918E27F8E7332AA1AA01, 5620C9EE1C3E570B289A3C9DF731CD7EA680426FF8673E76DBCDC60C0B915477 ] WLANKEEPER      C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
17:45:55.0906 0x0f80  WLANKEEPER - ok
17:45:55.0921 0x0f80  wltrysvc - ok
17:45:55.0984 0x0f80  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:45:55.0984 0x0f80  WmdmPmSN - ok
17:45:56.0203 0x0f80  [ FFA4D901D46D07A5BAB2D8307FBB51A6, 53C6D04D111EDF774C7F7EEB8D032B372E6244774D56B1B34CF1236027EC9450 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:45:56.0218 0x0f80  Wmi - ok
17:45:57.0015 0x0f80  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:45:57.0015 0x0f80  WmiApSrv - ok
17:45:57.0343 0x0f80  [ BF05650BB7DF5E9EBDD25974E22403BB, AF173D89B768CFC7AB03DFADD4F049CAC40AC59A0C9208AF5AB92CB368983077 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
17:45:57.0562 0x0f80  WMPNetworkSvc - ok
17:45:57.0640 0x0f80  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:45:57.0656 0x0f80  WpdUsb - ok
17:45:57.0937 0x0f80  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:45:57.0968 0x0f80  WPFFontCache_v0400 - ok
17:45:58.0078 0x0f80  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:45:58.0078 0x0f80  wscsvc - ok
17:45:58.0140 0x0f80  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:45:58.0140 0x0f80  wuauserv - ok
17:45:58.0187 0x0f80  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:45:58.0203 0x0f80  WudfPf - ok
17:45:58.0234 0x0f80  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:45:58.0250 0x0f80  WudfRd - ok
17:45:58.0296 0x0f80  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:45:58.0296 0x0f80  WudfSvc - ok
17:45:58.0468 0x0f80  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:45:58.0500 0x0f80  WZCSVC - ok
17:45:58.0593 0x0f80  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:45:58.0609 0x0f80  xmlprov - ok
17:45:58.0609 0x0f80  ================ Scan global ===============================
17:45:58.0703 0x0f80  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
17:45:58.0828 0x0f80  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
17:45:58.0890 0x0f80  [ E62178BC21EAC63A3B9A2DBD46C1B505, CAA5480CC4DAA37758F0CF445F865FD6F4630080B044EF2E606C2F62DAA4061A ] C:\WINDOWS\system32\winsrv.dll
17:45:58.0968 0x0f80  [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
17:45:58.0968 0x0f80  [ Global ] - ok
17:45:58.0968 0x0f80  ================ Scan MBR ==================================
17:45:59.0000 0x0f80  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:46:01.0062 0x0f80  \Device\Harddisk0\DR0 - ok
17:46:01.0062 0x0f80  ================ Scan VBR ==================================
17:46:01.0078 0x0f80  [ 76C1AB3223AF418A267C2A5506BEB975 ] \Device\Harddisk0\DR0\Partition1
17:46:01.0093 0x0f80  \Device\Harddisk0\DR0\Partition1 - ok
17:46:01.0093 0x0f80  ================ Scan generic autorun ======================
17:46:01.0343 0x0f80  [ 0E81905F53B1A2A41558519CDCDC9C61, 50C48BE7FC37FE15D721659A0EA74C968B42E053F50CB52E4A7D873351EB59DE ] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
17:46:01.0375 0x0f80  IntelZeroConfig - ok
17:46:01.0812 0x0f80  [ F8A99D6F2C65C83D9E419164D427F1C6, 42C5249AC6DBB1D60DEE04942A522F5EE9D25B4AD62C28741A33D5A1F870A889 ] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
17:46:01.0843 0x0f80  IntelWireless - ok
17:46:02.0296 0x0f80  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
17:46:02.0328 0x0f80  Adobe ARM - ok
17:46:02.0562 0x0f80  [ E558CDE2913DAA077D4E25732D1AA176, 9A889C1E1EFC85BEEEF184E31888CAA0BC34365C7594543E8798531B4BB9EFB6 ] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
17:46:02.0562 0x0f80  HP Software Update - ok
17:46:02.0625 0x0f80  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
17:46:02.0625 0x0f80  CTFMON.EXE - ok
17:46:02.0640 0x0f80  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
17:46:02.0640 0x0f80  CTFMON.EXE - ok
17:46:02.0640 0x0f80  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
17:46:02.0640 0x0f80  ctfmon.exe - ok
17:46:02.0687 0x0f80  Win FW state via NFM: disabled
17:46:02.0890 0x0f80  ============================================================
17:46:02.0890 0x0f80  Scan finished
17:46:02.0890 0x0f80  ============================================================
17:46:02.0906 0x0944  Detected object count: 0
17:46:02.0906 0x0944  Actual detected object count: 0
         
Combofix:

Code:
ComboFix 15-01-08.01 - Günni 08.01.2015  17:52:32.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1105 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\G³nni\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\IsUn0407.exe
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1F8.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET1FA.tmp
c:\windows\system32\SET1FD.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET45.tmp
.
Infizierte Kopie von c:\windows\system32\kernel32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\$NtUninstallKB2922229$\kernel32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-08 bis 2015-01-08  ))))))))))))))))))))))))))))))
.
.
2015-01-08 16:02 . 2015-01-08 16:02	--------	d-----w-	C:\OETemp
2015-01-08 13:36 . 2015-01-08 13:36	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-01-08 07:23 . 2015-01-08 07:25	--------	d-----w-	C:\FRST
2015-01-07 18:24 . 2015-01-07 18:24	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2015-01-07 16:37 . 2015-01-07 16:37	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AviraSpeedup
2015-01-07 16:35 . 2015-01-08 16:57	--------	d-----w-	c:\programme\Avira
2015-01-07 16:35 . 2015-01-08 16:57	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Package Cache
2014-12-29 18:29 . 2014-12-29 18:29	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\McAfee
2014-12-26 10:49 . 2014-12-26 10:49	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-26 10:49 . 2013-07-20 17:53	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-12-26 10:49 . 2013-07-20 17:53	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-11-27 23:24	294456	----a-w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 344064]
"TomcatStartup 2.5"="c:\programme\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Schnellstart.lnk - c:\programme\HP\Digital Imaging\bin\hpqthb08.exe -s [2004-11-4 53248]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Günni^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\dokumente und einstellungen\Günni\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [02.02.2005 17:29 9344]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 10:49]
.
2015-01-08 c:\windows\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
- c:\windows\system32\xp_eos.exe [2014-03-09 23:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=a49796d900000000000000166f6068f3
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=a49796d900000000000000166f6068f3&q=
FF - user.js: extensions.Softonic.id - a49796d900000000000000166f6068f3
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16041
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1419:06
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - opencandy2013
FF - user.js: extensions.Softonic.instlRef - MOY00621
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=a49796d900000000000000166f6068f3
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=a49796d900000000000000166f6068f3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Status Monitor CLJ1500 - c:\programme\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
SafeBoot-28969432.sys
SafeBoot-56939687.sys
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Macromedia FreeHand 9 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-08 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\windows\system32\hpzipm12.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\programme\HP\Digital Imaging\bin\hpqgalry.exe
c:\programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-08  18:02:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-08 17:02
.
Vor Suchlauf: 15 Verzeichnis(se), 35.260.530.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 36.199.657.472 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F5C7C96426C4E9C21CB0850DC754C003
72B8CE41AF0DE751C946802B3ED844B4
         

Edited by hitboxer (08.01.2015 at 16:58)

08.01.2015, 17:55   #12
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

09.01.2015, 06:15   #13
hitboxer
 

Sooo...

Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.01.2015
Scan Time: 06:31:36
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.04
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Günni

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315555
Time Elapsed: 13 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\OpenCandy, , [be9aa451ec9d55e16701a1906c9714ec], 
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\OpenCandy\7AF532B575A54141944C032933E3806C, , [be9aa451ec9d55e16701a1906c9714ec], 
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\OpenCandy\FCEF29E701E74E849C464B2E165E1789, , [be9aa451ec9d55e16701a1906c9714ec], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, , [2632f1044445f442862eff39a55e46ba], 

Files: 46
PUP.Optional.OpenCandy.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\OpenCandy\FCEF29E701E74E849C464B2E165E1789\Setupsft_chr_p1v7.exe, , [5206bf36bacf033331551244d23316ea], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\searchplugins\softonic.xml, , [ed6b47aee6a3e94db538534b63a0e020], 
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\OpenCandy\7AF532B575A54141944C032933E3806C\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, , [be9aa451ec9d55e16701a1906c9714ec], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, , [2632f1044445f442862eff39a55e46ba], 
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.admin", false);), ,[3a1e33c20386013533e104c49b6acc34]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
 *
 ), ,[5cfc14e1c4c51a1c22f2b612759006fa]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (references

/* Do not edit this file.
 *
 * If you make changes to this file ), ,[4d0b20d5c6c3e353d3416d5b60a57f81]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (e.
 *
 * If you make changes to this file while t), ,[a6b226cf3455fe380e060bbd1ce902fe]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you), ,[99bf19dca1e89c9a50c49c2c30d57b85]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
 *
 * If ), ,[2b2d08ed96f36fc725ef5771877ecf31]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If), ,[5800d421bdcc59dd25effdcb13f2837d]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
 *
 * If), ,[9abe60952663a096b65ee2e61aebdf21]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If you m), ,[fd5b4baaf0994cea91834187c5404fb1]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (es

/* Do not edit this file.
 *
 * If y), ,[f95fe11478119c9aa56f0abee91ceb15]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (references

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be ove), ,[5701ed08d5b47eb83fd53e8ac83dc43c]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (tion is running,
 * the changes will be overwritten when the applicatio), ,[da7e01f4e1a8d85ef3214286e02522de]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: ( this file.
 *
 * If you make changes to this fil), ,[90c82dc8a7e2b185a3713e8a9075cb35]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you make c), ,[95c3b243583154e2ec289830ae57a35d]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (

/* Do not edit this file.
 *
 * If you m), ,[e96fae47c0c916206ea6775161a42ed2]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwrit), ,[60f8b83d6f1a2e08b460656343c243bd]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (n is running,
 * the changes will be overwritten w), ,[c5930ce92762e84e0b09e9df44c19c64]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you make ), ,[15438c69a6e3bb7b22f23791bc49cf31]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (s

/* Do not edit this file.
 *
 * If you m), ,[1e3a61943a4f0c2a0311c008dd28a759]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
 *
 * If y), ,[e078797ca2e79c9a3cd8fccc58ad9e62]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
 *
 * If you make changes to this f), ,[b0a82bca6f1aef4755bf5f6952b360a0]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: ( this file.
 *
 * If you make changes to this file whil), ,[58004fa6a3e646f020f40eba61a449b7]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the a), ,[68f04baa622796a0b95b3d8b74910bf5]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (s running,
 * the changes will be overwritten when), ,[8ace896cfd8c0a2cf61e5a6edb2a4bb5]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you make changes ), ,[4711a84d0485f44237dd973117ee728e]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (Do not edit this file.
 *
 * If you make changes t), ,[a4b46e870f7a1c1a0311a127ee171be5]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=a49796d900000000000000166f6068f3");), ,[93c5f6ffd5b486b044d88246e3226b95]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (ity.typeaheadfind.flashBar", 0);
user_pref("app.update.backgroundErrors", 1);
user_pref("app.update.lastUpdateTime.addon-background-update-time), ,[d682a05505844cea0d0f8e3ab74ebd43]
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\prefs.js, Good: (), Bad: (eTime.addon-background-update-timer", 1420781430);
user_pref("app.update.lastUpdateTime.background-update-timer", 1420706242);
user_pref("app.upda), ,[bc9ca451afda132340dc676139cc04fc]

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner:

Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 07:01:18
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Günni - G-95B0E170C0764
# Gestartet von : C:\Dokumente und Einstellungen\Günni\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\foxydeal.sqlite
Datei Gelöscht : C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E32160D6-15C3-4F11-9715-5514E6E950B6}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=a49796d900000000000000166f6068f3");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.id", "a49796d900000000000000166f6068f3");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16041");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=a49796d900000000000000166f6068f3");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=a49796d900000000000000166f6068f3&q=");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1419:06:59");
[kc8u2sfr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4890 octets] - [09/01/2015 06:59:19]
AdwCleaner[S0].txt - [4954 octets] - [09/01/2015 07:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5014 octets] ##########
         
Junkware:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Gnni on 09.01.2015 at  7:04:59,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at  7:07:27,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Günni (administrator) on G-95B0E170C0764 on 09-01-2015 07:17:08
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Loaded Profile: Günni (Available profiles: Günni)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Intel(R) Corporation) C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
(Hewlett-Packard Company) C:\Programme\HP\HP Software Update\hpwuSchd2.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
(Hewlett-Packard) C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
() C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2004-09-13] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [245760 2004-11-12] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
ShortcutTarget: HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1482476501-1409082233-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1482476501-1409082233-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\abs@avira.com [2015-01-07]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22]

Chrome: 
=======
CHR Profile: C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182184 2013-07-20] (Oracle Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-10] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 WLANKEEPER; C:\Programme\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel(R) Corporation) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2013-07-20] (Meetinghouse Data Communications) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-29] (Adaptec, Inc.) [File not signed]
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 HPPLSBULK; C:\WINDOWS\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2004-12-24] (HP)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 07:07 - 2015-01-09 07:07 - 00000581 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\JRT.txt
2015-01-09 07:05 - 2015-01-09 07:05 - 00000000 ____D () C:\WINDOWS\LastGood
2015-01-09 07:04 - 2015-01-09 07:04 - 01707939 _____ (Thisisu) C:\Dokumente und Einstellungen\Günni\Desktop\JRT.exe
2015-01-09 07:04 - 2015-01-09 07:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-09 07:03 - 2015-01-09 07:03 - 00005094 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\AdwCleaner[S0].txt
2015-01-09 06:59 - 2015-01-09 07:01 - 00000000 ____D () C:\AdwCleaner
2015-01-09 06:59 - 2015-01-09 06:59 - 02191360 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\AdwCleaner_4.107.exe
2015-01-09 06:57 - 2015-01-09 06:57 - 00013257 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\malwarebytes.txt
2015-01-09 06:31 - 2015-01-09 06:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 06:30 - 2015-01-09 06:30 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-01-09 06:30 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-09 06:30 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-08 18:02 - 2015-01-08 18:02 - 00016095 _____ () C:\ComboFix.txt
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-08 17:56 - 2015-01-08 17:56 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-01-08 17:51 - 2015-01-08 17:51 - 00000000 _RSHD () C:\cmdcons
2015-01-08 17:51 - 2015-01-08 17:05 - 00000211 _____ () C:\Boot.bak
2015-01-08 17:51 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-08 17:47 - 2015-01-08 18:02 - 00000000 ____D () C:\Qoobox
2015-01-08 17:47 - 2015-01-08 18:01 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-08 17:47 - 2015-01-08 17:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme\Verwaltung
2015-01-08 17:47 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-08 17:47 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-08 17:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-08 17:45 - 2015-01-08 17:46 - 05609736 ____R (Swearware) C:\Dokumente und Einstellungen\Günni\Desktop\ComboFix.exe
2015-01-08 17:02 - 2015-01-08 17:02 - 00000000 ____D () C:\OETemp
2015-01-08 14:36 - 2015-01-08 14:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 09:39 - 2015-01-08 09:40 - 01174352 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\TDSSKiller - CHIP-Installer.exe
2015-01-08 08:25 - 2015-01-08 08:25 - 00044803 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\Addition2.txt
2015-01-08 08:23 - 2015-01-09 07:17 - 00010882 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\FRST.txt
2015-01-08 08:23 - 2015-01-09 07:17 - 00000000 ____D () C:\FRST
2015-01-08 08:23 - 2015-01-08 08:25 - 00023137 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\FRST2.txt
2015-01-08 08:23 - 2015-01-08 08:23 - 01115648 _____ (Farbar) C:\Dokumente und Einstellungen\Günni\Desktop\FRST.exe
2015-01-07 20:16 - 2015-01-08 17:56 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 20:16 - 2015-01-08 17:56 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1409082233-682003330-1003-0.dat
2015-01-07 17:37 - 2015-01-07 17:37 - 00063600 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-07 17:37 - 2015-01-07 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AviraSpeedup
2015-01-07 17:35 - 2015-01-08 17:57 - 00000000 ____D () C:\Programme\Avira
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-12-29 19:29 - 2014-12-29 19:29 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2014-12-10 19:26 - 2014-12-10 19:27 - 00000000 ____D () C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 07:17 - 2013-07-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-09 07:17 - 2013-07-20 18:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp
2015-01-09 07:05 - 2014-04-09 17:23 - 00018588 _____ () C:\WINDOWS\KB2922229.log
2015-01-09 07:05 - 2013-07-20 18:05 - 01572184 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-09 07:02 - 2013-07-22 11:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-01-09 07:02 - 2013-07-20 18:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-09 07:02 - 2013-07-20 18:59 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-09 07:02 - 2013-07-20 18:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-09 07:02 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-09 07:01 - 2013-07-20 18:11 - 00000300 ___SH () C:\Dokumente und Einstellungen\Günni\ntuser.ini
2015-01-09 07:01 - 2013-07-20 18:10 - 00032466 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-09 06:30 - 2013-07-20 18:56 - 00000000 ___RD () C:\Programme
2015-01-09 06:30 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-01-08 18:21 - 2013-07-20 18:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-08 17:58 - 2004-08-04 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-08 17:57 - 2013-07-20 19:53 - 27787264 _____ () C:\WINDOWS\system32\config\software.bak
2015-01-08 17:57 - 2013-07-20 19:53 - 04194304 _____ () C:\WINDOWS\system32\config\system.bak
2015-01-08 17:57 - 2013-07-20 19:53 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2015-01-08 17:57 - 2013-07-20 18:55 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-01-08 17:57 - 2013-07-20 18:55 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-01-08 17:51 - 2013-07-20 19:54 - 00000327 __RSH () C:\boot.ini
2015-01-08 17:47 - 2013-07-20 18:11 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme
2015-01-08 17:11 - 2013-08-15 19:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-08 17:05 - 2013-07-22 10:46 - 00000000 ____D () C:\WINDOWS\pss
2015-01-08 17:05 - 2013-07-20 18:11 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme\Autostart
2015-01-08 17:05 - 2004-08-04 13:00 - 00000623 _____ () C:\WINDOWS\win.ini
2015-01-08 17:03 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
2015-01-08 17:02 - 2013-07-20 18:55 - 00685487 _____ () C:\WINDOWS\setupapi.log
2015-01-08 15:00 - 2014-03-09 19:13 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-08 14:42 - 2014-04-10 17:54 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Mein Steuer-Sparbuch Heute
2015-01-07 19:45 - 2014-01-22 19:35 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-07 19:24 - 2013-07-20 18:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2015-01-07 17:56 - 2013-07-20 19:47 - 00000000 ____D () C:\WINDOWS\repair
2015-01-07 17:56 - 2013-07-20 18:03 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-07 17:33 - 2013-07-20 18:56 - 01250612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-29 19:54 - 2013-08-14 20:23 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Günni
2014-12-26 11:49 - 2013-07-20 18:53 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-26 11:49 - 2013-07-20 18:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-26 11:48 - 2013-07-20 18:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-12-12 20:10 - 2013-07-20 18:46 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Günni at 2015-01-09 07:17:55
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5154 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.131.1.2-050706a-025030C-Dell - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.1.7.717 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.18.1128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Hotfix für Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version:  - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB932716-v2) (HKLM\...\KB932716-v2) (Version: 2 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
HP Color LaserJet 2820/2830/2840 2.0 (HKLM\...\{1030DCDC-2425-407d-BEE1-13558B837FCA}) (Version: 2.0 - HP)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - Hewlett-Packard)
hpp2800usg (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppCLJ2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppDustDevil (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFaxDrv (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFonts (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppIOFiles (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppManuals2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppscan2800 (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppScanTo (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppSendFax (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppTooCool (Version: 002.000.00004 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mDrWiFi (Version: 9.03.0000 - Intel Corporation) Hidden
mHlpDell (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 9.03.0000 - Intel Corporation) Hidden
mLogView (Version: 9.03.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.03.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 9.03.0000 - Intel Corporation) Hidden
mSSO (Version: 9.03.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
mZConfig (Version: 9.03.0000 - Intel Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Scan (Version: 4.9.0.0 - Hewlett-Packard) Hidden
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2803821) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB954155) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB973540) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB975558) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB978695) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2846071) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\{3813890B-1DC2-414C-BDED-833ECC575B97}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-10-2014 13:49:52 Systemprüfpunkt
15-11-2014 17:19:25 Systemprüfpunkt
08-01-2015 08:46:33 Systemprüfpunkt
08-01-2015 17:06:55 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2015-01-08 17:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-02-21 10:13 - 2007-02-21 10:13 - 00118784 _____ () C:\Programme\Intel\Wireless\Bin\IWMSPROV.DLL
2013-07-20 18:13 - 2007-03-16 17:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-07-20 18:13 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-01-26 16:07 - 2014-01-26 16:07 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f79e5a2c\mscorlib.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_9ff81078\system.windows.forms.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_413305d7\system.dll
2014-01-26 16:07 - 2014-01-26 16:07 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_04fb2de0\system.drawing.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a7f44f6e\system.xml.dll
2006-10-17 15:13 - 2006-10-17 15:13 - 01167360 _____ () C:\Programme\Intel\Wireless\Bin\acAuth.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00020572 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
2014-01-22 19:57 - 2014-01-22 19:57 - 00802901 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00028776 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053342 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\verify.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00094308 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\java.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053349 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\zip.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00032864 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\net.dll
2014-01-22 19:58 - 2004-08-20 14:02 - 00102400 _____ () C:\WINDOWS\system32\PMLJNI.dll
2014-01-22 19:58 - 2005-02-03 18:31 - 00032768 _____ () C:\WINDOWS\system32\compJNI.dll
2014-01-22 19:58 - 2003-06-16 22:52 - 00074752 _____ () C:\WINDOWS\system32\jst.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Günni^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk => C:\WINDOWS\pss\WISO Mein Steuer-Sparbuch heute.lnkStartup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1482476501-1409082233-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1482476501-1409082233-682003330-1004 - Limited - Enabled)
Gast (S-1-5-21-1482476501-1409082233-682003330-501 - Limited - Disabled)
Günni (S-1-5-21-1482476501-1409082233-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Günni
Hilfeassistent (S-1-5-21-1482476501-1409082233-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1482476501-1409082233-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Modem
Description: PCI-Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.


System errors:
=============
Error: (01/09/2015 07:05:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 07:03:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 07:03:14 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (01/09/2015 07:03:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 07:03:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 07:02:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 07:02:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
IntelIde

Error: (01/09/2015 07:02:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 07:01:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 06:28:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) M processor 2.13GHz
Percentage of memory in use: 23%
Total physical RAM: 2047.39 MB
Available physical RAM: 1562.06 MB
Total Pagefile: 3940.23 MB
Available Pagefile: 3608.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:33.58 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 23F12D67)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 09.01.2015, 08:27   #14
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 09.01.2015, 09:50   #15
hitboxer
 

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4ca3f73b3e1046408587e75c31c99ee8
# engine=21881
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 09:40:11
# local_time=2015-01-09 10:40:11 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# scanned=72373
# found=3
# cleaned=0
# scan_time=3428
sh=F0F6CD79E7291129B01CE1B409E78410A2222C47 ft=1 fh=5c370a7205b4e47c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Günni\Desktop\TDSSKiller - CHIP-Installer.exe"
sh=9F88FAFD3EC8D859CF1572EDC559C9A9D28FDAF6 ft=1 fh=40d54a77a22c7c02 vn="Variante von Win32/Rootkit.Kryptik.ZG Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\08.01.2015_09.47.57\necurs0000\svc0000\tsk0000.dta"
sh=7FF4F9EA1A4D9D936727679D35ABE1F84F7B8565 ft=1 fh=315b23a41cb66ac2 vn="Variante von Win32/Kryptik.CHDW Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\08.01.2015_09.47.57\uds0000\svc0000\tsk0000.dta"
         
SecurityCheck: UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Günni (administrator) on G-95B0E170C0764 on 09-01-2015 10:57:27
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Loaded Profile: Günni (Available profiles: Günni)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(Intel(R) Corporation) C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
(Hewlett-Packard Company) C:\Programme\HP\HP Software Update\hpwuSchd2.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(ATI Technologies, Inc.) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
(Hewlett-Packard) C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
() C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [819200 2007-02-21] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [970752 2007-02-21] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2004-09-13] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [ATIPTA] => C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [245760 2004-11-12] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
ShortcutTarget: HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1482476501-1409082233-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1482476501-1409082233-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\abs@avira.com [2015-01-07]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\Günni\Anwendungsdaten\Mozilla\Firefox\Profiles\kc8u2sfr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22]

Chrome: 
=======
CHR Profile: C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [643072 2007-02-21] (Intel Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182184 2013-07-20] (Oracle Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114800 2014-12-10] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-02-21] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [983040 2007-02-21] (Intel Corporation ) [File not signed]
R2 WLANKEEPER; C:\Programme\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-02-21] (Intel(R) Corporation) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21425 2013-07-20] (Meetinghouse Data Communications) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-29] (Adaptec, Inc.) [File not signed]
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 HPPLSBULK; C:\WINDOWS\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2004-12-24] (HP)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-02-21] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2209408 2007-02-08] (Intel® Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:56 - 2015-01-09 10:56 - 00852505 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\SecurityCheck.exe
2015-01-09 10:54 - 2015-01-09 10:54 - 00000383 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\esetttt.txt
2015-01-09 09:38 - 2015-01-09 09:38 - 02347384 _____ (ESET) C:\Dokumente und Einstellungen\Günni\Desktop\esetsmartinstaller_deu.exe
2015-01-09 09:38 - 2015-01-09 09:38 - 00000000 ____D () C:\Programme\ESET
2015-01-09 07:07 - 2015-01-09 07:07 - 00000581 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\JRT.txt
2015-01-09 07:05 - 2015-01-09 07:05 - 00000000 ____D () C:\WINDOWS\LastGood
2015-01-09 07:04 - 2015-01-09 07:04 - 01707939 _____ (Thisisu) C:\Dokumente und Einstellungen\Günni\Desktop\JRT.exe
2015-01-09 07:04 - 2015-01-09 07:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-09 07:03 - 2015-01-09 07:03 - 00005094 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\AdwCleaner[S0].txt
2015-01-09 06:59 - 2015-01-09 07:01 - 00000000 ____D () C:\AdwCleaner
2015-01-09 06:59 - 2015-01-09 06:59 - 02191360 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\AdwCleaner_4.107.exe
2015-01-09 06:57 - 2015-01-09 06:57 - 00013257 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\malwarebytes.txt
2015-01-09 06:31 - 2015-01-09 06:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 06:30 - 2015-01-09 06:30 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 
2015-01-09 06:30 - 2015-01-09 06:30 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-01-09 06:30 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-09 06:30 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-08 18:02 - 2015-01-08 18:02 - 00016095 _____ () C:\ComboFix.txt
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-01-08 17:56 - 2015-01-08 17:56 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-01-08 17:51 - 2015-01-08 17:51 - 00000000 _RSHD () C:\cmdcons
2015-01-08 17:51 - 2015-01-08 17:05 - 00000211 _____ () C:\Boot.bak
2015-01-08 17:51 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-01-08 17:47 - 2015-01-08 18:02 - 00000000 ____D () C:\Qoobox
2015-01-08 17:47 - 2015-01-08 18:01 - 00000000 ____D () C:\WINDOWS\erdnt
2015-01-08 17:47 - 2015-01-08 17:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme\Verwaltung
2015-01-08 17:47 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-01-08 17:47 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-01-08 17:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-01-08 17:47 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-01-08 17:45 - 2015-01-08 17:46 - 05609736 ____R (Swearware) C:\Dokumente und Einstellungen\Günni\Desktop\ComboFix.exe
2015-01-08 17:02 - 2015-01-08 17:02 - 00000000 ____D () C:\OETemp
2015-01-08 14:36 - 2015-01-08 14:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 09:39 - 2015-01-08 09:40 - 01174352 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\TDSSKiller - CHIP-Installer.exe
2015-01-08 08:25 - 2015-01-08 08:25 - 00044803 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\Addition2.txt
2015-01-08 08:23 - 2015-01-09 10:57 - 00010907 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\FRST.txt
2015-01-08 08:23 - 2015-01-09 10:57 - 00000000 ____D () C:\FRST
2015-01-08 08:23 - 2015-01-08 08:25 - 00023137 _____ () C:\Dokumente und Einstellungen\Günni\Desktop\FRST2.txt
2015-01-08 08:23 - 2015-01-08 08:23 - 01115648 _____ (Farbar) C:\Dokumente und Einstellungen\Günni\Desktop\FRST.exe
2015-01-07 20:16 - 2015-01-08 17:56 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-07 20:16 - 2015-01-08 17:56 - 00269310 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1409082233-682003330-1003-0.dat
2015-01-07 17:37 - 2015-01-07 17:37 - 00063600 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-01-07 17:37 - 2015-01-07 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\AviraSpeedup
2015-01-07 17:35 - 2015-01-08 17:57 - 00000000 ____D () C:\Programme\Avira
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-12-29 19:29 - 2014-12-29 19:29 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
2014-12-26 11:49 - 2014-12-26 11:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2014-12-10 19:26 - 2014-12-10 19:27 - 00000000 ____D () C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 10:57 - 2013-07-20 18:11 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp
2015-01-09 10:17 - 2013-07-20 18:53 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-09 09:38 - 2013-07-20 18:56 - 00000000 ___RD () C:\Programme
2015-01-09 07:05 - 2014-04-09 17:23 - 00018588 _____ () C:\WINDOWS\KB2922229.log
2015-01-09 07:05 - 2013-07-20 18:05 - 01572409 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-09 07:02 - 2013-07-22 11:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-01-09 07:02 - 2013-07-20 18:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-09 07:02 - 2013-07-20 18:59 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-09 07:02 - 2013-07-20 18:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-09 07:02 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-09 07:01 - 2013-07-20 18:11 - 00000300 ___SH () C:\Dokumente und Einstellungen\Günni\ntuser.ini
2015-01-09 07:01 - 2013-07-20 18:10 - 00032466 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-09 06:30 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-01-08 18:21 - 2013-07-20 18:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-01-08 17:58 - 2004-08-04 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-08 17:57 - 2013-07-20 19:53 - 27787264 _____ () C:\WINDOWS\system32\config\software.bak
2015-01-08 17:57 - 2013-07-20 19:53 - 04194304 _____ () C:\WINDOWS\system32\config\system.bak
2015-01-08 17:57 - 2013-07-20 19:53 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2015-01-08 17:57 - 2013-07-20 18:55 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-01-08 17:57 - 2013-07-20 18:55 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-01-08 17:51 - 2013-07-20 19:54 - 00000327 __RSH () C:\boot.ini
2015-01-08 17:47 - 2013-07-20 18:11 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme
2015-01-08 17:11 - 2013-08-15 19:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-08 17:05 - 2013-07-22 10:46 - 00000000 ____D () C:\WINDOWS\pss
2015-01-08 17:05 - 2013-07-20 18:11 - 00000000 ___RD () C:\Dokumente und Einstellungen\Günni\Startmenü\Programme\Autostart
2015-01-08 17:05 - 2004-08-04 13:00 - 00000623 _____ () C:\WINDOWS\win.ini
2015-01-08 17:03 - 2013-07-20 18:56 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
2015-01-08 17:02 - 2013-07-20 18:55 - 00685487 _____ () C:\WINDOWS\setupapi.log
2015-01-08 15:00 - 2014-03-09 19:13 - 00000216 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-01-08 14:42 - 2014-04-10 17:54 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Mein Steuer-Sparbuch Heute
2015-01-07 19:45 - 2014-01-22 19:35 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-07 19:24 - 2013-07-20 18:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2015-01-07 17:56 - 2013-07-20 19:47 - 00000000 ____D () C:\WINDOWS\repair
2015-01-07 17:56 - 2013-07-20 18:03 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-07 17:33 - 2013-07-20 18:56 - 01250612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-29 19:54 - 2013-08-14 20:23 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Eigene Dateien\Günni
2014-12-26 11:49 - 2013-07-20 18:53 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-26 11:49 - 2013-07-20 18:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-26 11:48 - 2013-07-20 18:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-12-12 20:10 - 2013-07-20 18:46 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\Günni\Lokale Einstellungen\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Günni at 2015-01-09 10:58:06
Running from C:\Dokumente und Einstellungen\Günni\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Dienstprogramm zur Deinstallation der Software (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5154 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.131.1.2-050706a-025030C-Dell - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
CP_PLSBusinessFlyers (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.1.7.717 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.18.1128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
Hotfix für Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version:  - Microsoft Corporation)
Hotfix für Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB932716-v2) (HKLM\...\KB932716-v2) (Version: 2 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
HP Color LaserJet 2820/2830/2840 2.0 (HKLM\...\{1030DCDC-2425-407d-BEE1-13558B837FCA}) (Version: 2.0 - HP)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - Hewlett-Packard)
hpp2800usg (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppCLJ2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppDustDevil (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFaxDrv (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppFonts (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppIOFiles (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppManuals2800 (Version: 002.000.00004 - Ihr Firmenname) Hidden
hppscan2800 (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppScanTo (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppSendFax (Version: 002.000.00004 - Hewlett-Packard) Hidden
hppTooCool (Version: 002.000.00004 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
mCore (Version: 9.03.0000 - Intel Corporation) Hidden
mDriver (Version: 9.03.0000 - Intel) Hidden
mDrWiFi (Version: 9.03.0000 - Intel Corporation) Hidden
mHlpDell (Version: 9.03.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 9.03.0000 - Intel Corporation) Hidden
mLogView (Version: 9.03.0000 - Intel Corporation) Hidden
mMHouse (Version: 9.03.0000 - Intel Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.03.0000 - Intel Corporation) Hidden
mPfWiz (Version: 9.03.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 9.03.0000 - Intel Corporation) Hidden
mSSO (Version: 9.03.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 9.03.0000 - Intel Corporation) Hidden
mZConfig (Version: 9.03.0000 - Intel Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Scan (Version: 4.9.0.0 - Hewlett-Packard) Hidden
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2803821) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB954155) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB973540) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB975558) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player (KB978695) (Version:  - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2846071) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-1482476501-1409082233-682003330-1003\...\{3813890B-1DC2-414C-BDED-833ECC575B97}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-1409082233-682003330-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-10-2014 13:49:52 Systemprüfpunkt
15-11-2014 17:19:25 Systemprüfpunkt
08-01-2015 08:46:33 Systemprüfpunkt
08-01-2015 17:06:55 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2015-01-08 17:58 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-02-21 10:13 - 2007-02-21 10:13 - 00118784 _____ () C:\Programme\Intel\Wireless\Bin\IWMSPROV.DLL
2013-07-20 18:13 - 2007-03-16 17:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-07-20 18:13 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-01-26 16:07 - 2014-01-26 16:07 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f79e5a2c\mscorlib.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_9ff81078\system.windows.forms.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_413305d7\system.dll
2014-01-26 16:07 - 2014-01-26 16:07 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_04fb2de0\system.drawing.dll
2014-01-26 16:06 - 2014-01-26 16:06 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a7f44f6e\system.xml.dll
2006-10-17 15:13 - 2006-10-17 15:13 - 01167360 _____ () C:\Programme\Intel\Wireless\Bin\acAuth.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00020572 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
2014-01-22 19:57 - 2014-01-22 19:57 - 00802901 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00028776 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053342 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\verify.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00094308 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\java.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00053349 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\zip.dll
2014-01-22 19:57 - 2014-01-22 19:57 - 00032864 _____ () C:\Programme\Hewlett-Packard\Toolbox\jre\bin\net.dll
2014-01-22 19:58 - 2004-08-20 14:02 - 00102400 _____ () C:\WINDOWS\system32\PMLJNI.dll
2014-01-22 19:58 - 2005-02-03 18:31 - 00032768 _____ () C:\WINDOWS\system32\compJNI.dll
2014-01-22 19:58 - 2003-06-16 22:52 - 00074752 _____ () C:\WINDOWS\system32\jst.dll
2014-12-10 19:26 - 2014-12-10 19:26 - 03758192 _____ () C:\Programme\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^Günni^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk => C:\WINDOWS\pss\WISO Mein Steuer-Sparbuch heute.lnkStartup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1482476501-1409082233-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1482476501-1409082233-682003330-1004 - Limited - Enabled)
Gast (S-1-5-21-1482476501-1409082233-682003330-501 - Limited - Disabled)
Günni (S-1-5-21-1482476501-1409082233-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Günni
Hilfeassistent (S-1-5-21-1482476501-1409082233-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1482476501-1409082233-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Modem
Description: PCI-Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.


System errors:
=============
Error: (01/09/2015 09:37:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 09:37:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 09:37:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:47:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:46:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:46:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:45:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:20:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:19:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 08:19:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005

Error: (01/07/2015 08:14:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{1e7bf544-f164-11e2-8bb3-806d6172696f},0xc0000000,0x00000003,...)0x80070005


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) M processor 2.13GHz
Percentage of memory in use: 38%
Total physical RAM: 2047.39 MB
Available physical RAM: 1251.13 MB
Total Pagefile: 3940.23 MB
Available Pagefile: 3264.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:33.44 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 23F12D67)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
