
Log Analysis and Evaluation: Probably a Cryptowall virus on an XP machine

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.04.2015, 13:24   #1
Roland500sel

Probably a Cryptowall virus on an XP machine



Hello Trojaner-Team,

my name is Roland and today I found a whole lot of ugly documents on my computer.

HELP_DECRYPT.HTML
HELP_DECRYPT.PNG
HELP_DECRYPT.TXT

I suspect it came with the attachment of an e-mail from a customer. Speaking of customers, I am owner, labourer, bookkeeper and cleaning lady of a globe-spanning one-man company that restores and sells old aluminium rims. Since things have slowly been looking up lately, I finally treated myself to a new computer with Windows 8.1, but unfortunately I haven't quite figured it out yet (I'm old and hate that tile stuff). So I'm still puttering along on the XP machine. I know, it's foolish, no more support etc. - so let's spare ourselves the (justified) lectures.

In the Google search another such topic on TB turned up and I have started running the first scans according to the instructions. So far I can still access all files, but it probably won't take much longer until they are unusable.

I started with ListCWall.


ListCWall 1.3.0 by Lawrence Abrams (Grinler)
Backup function added by The Pugilist
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about the CryptoWall Ransomware can be found here:
hxxp://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Windows Version: Microsoft Windows XP Service Pack 3
Username: RMM Computer Name: RMM-NUNFDW5LN3A

Program started at: 04/02/2015 01:12:55 PM.


The next steps

Disable drive emulations with Defogger (done)

System scan with FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by RMM (administrator) on RMM-NUNFDW5LN3A on 02-04-2015 12:20:16
Running from C:\Dokumente und Einstellungen\RMM\Desktop
Loaded Profiles: RMM (Available profiles: RMM & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Nero AG) C:\Programme\Motorola Media Link\Lite\NServiceEntry.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Programme\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\WINDOWS\Dit.exe
() C:\WINDOWS\DitExp.exe
(Microsoft Corporation) C:\Programme\Outlook Express\msimn.exe
(www.bid-o-matic.org) C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Dit] => C:\WINDOWS\Dit.exe [73728 2002-08-28] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM Group Policy restriction on software: C:\Programme\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\System32\CTFMON.EXE [24064 2010-04-08] (Gerhard Schlager)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\System32\CTFMON.EXE [24064 2010-04-08] (Gerhard Schlager)
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\...\Run: [swg] => C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-20] (Google Inc.)
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\System32\CTFMON.EXE [24064 2010-04-08] (Gerhard Schlager)
Startup: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.HTML ()
Startup: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.PNG ()
Startup: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.TXT ()
InternetURL: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/13bhRze
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8Fe20IHAoCbN8nDN2h6U0u4J-YFDnn4TES17rXBt5wSbG-MDdaUcn89xeNffN-uU,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8Fe20IHAoCbN8nDN2h6U0u4J-YFDnn4TES17rXBt5wSbG-MDdaUcn89xeNffN-uU,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2c,&q={searchTerms}
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394018261&from=obw&uid=ST3120023A_3KA09WSB&q={searchTerms}
HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2c,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2A,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2c,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP19EB28AF-3F83-4F71-AFD9-98A7E59D74B1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUfdvXGWwEVMWq5D4lWbqoi2vHeIybMKBv45JaRPQywT3teRAWg_czE3phWDLuhnQ8GclKx2srV2SKWVF13mVkJx1zeOkPWmc6ibzqWuDFeOjO1iHqshsCfpmOm1DhT2c,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=&src=crm&q={searchTerms}&locale=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\WINDOWS\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll [2014-03-05] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2013-11-20] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Programme\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-11-20] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2013-11-20] (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2013-11-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2013-11-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-1606980848-1682526488-854245398-1004 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4EF21205-BB95-43A0-BEE0-964D661E686C}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla\Firefox\Profiles\8htdib00.default-1415459308809
FF NewTab: about:blank
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [2014-03-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Programme\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-08-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-08-23] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll [2012-10-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll [2012-10-19] (Apple Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\sweet-page.xml [2014-03-05]
FF Extension: Classic Theme Restorer - C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla\Firefox\Profiles\8htdib00.default-1415459308809\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-08]
FF Extension: tabs closebutton restored - C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla\Firefox\Profiles\8htdib00.default-1415459308809\Extensions\tabsclosebutton@nuko.org.xpi [2014-11-08]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla\Firefox\Profiles\8htdib00.default-1415459308809\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-11-17]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla\Firefox\Profiles\8htdib00.default-1415459308809\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S4 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 DeviceMonitorService; C:\Programme\Motorola Media Link\Lite\NServiceEntry.exe [87368 2011-04-30] (Nero AG)
S4 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-15] (Google)
S4 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-03-05] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-03-24] (Mozilla Foundation) [File not signed]
R2 NAUpdate; C:\Programme\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
S4 NitroReaderDriverReadSpool3; C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [158856 2012-05-03] (Skype Technologies)
S4 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
S4 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Prosieben; "C:\Programme\maxdome\DCBin\DCService.exe" /accountid:Prosieben [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 Cap7134; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [350752 2003-06-05] (Philips Semiconductors)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-19] (Disc Soft Ltd) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985728 2008-09-10] (Conexant Systems, Inc.)
R3 Intels51; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [670203 2003-05-22] (Intel Corporation)
R3 LgBttPort; C:\WINDOWS\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\WINDOWS\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\WINDOWS\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PhTVTune; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [24704 2003-06-12] (Philips Semiconductors)
R0 SiSide; C:\WINDOWS\System32\DRIVERS\siside.sys [5760 2002-07-30] (Silicon Integrated Systems Corp.)
R0 sisidex; C:\WINDOWS\System32\drivers\sisidex.sys [48896 2002-05-28] (Windows (R) 2000 DDK provider) [File not signed]
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32256 2002-04-16] (SiS Corporation)
R0 sisperf; C:\WINDOWS\System32\drivers\sisperf.sys [9472 2002-08-20] (Silicon Integrated Systems Corp.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 12:17 - 2015-04-02 12:20 - 00043859 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\Addition.txt
2015-04-02 12:08 - 2015-04-02 12:20 - 00024490 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\FRST.txt
2015-04-02 12:07 - 2015-04-02 12:20 - 00000000 ____D () C:\FRST
2015-04-02 12:06 - 2015-04-02 12:06 - 01135104 _____ (Farbar) C:\Dokumente und Einstellungen\RMM\Desktop\FRST.exe
2015-04-02 12:05 - 2015-04-02 12:06 - 00000468 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\defogger_disable.log
2015-04-02 12:05 - 2015-04-02 12:05 - 00050477 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\Defogger.exe
2015-04-02 12:05 - 2015-04-02 12:05 - 00000148 _____ () C:\Dokumente und Einstellungen\RMM\defogger_reenable
2015-04-02 12:01 - 2015-04-02 12:18 - 04230618 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\ListCWall.txt
2015-04-02 12:00 - 2015-04-02 12:00 - 00452424 _____ (Bleeping Computer, LLC) C:\Dokumente und Einstellungen\RMM\Desktop\ListCWall.exe
2015-04-02 11:57 - 2015-04-02 11:57 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Dokumente und Einstellungen\RMM\Desktop\SpyHunter-Installer.exe
2015-04-01 22:19 - 2015-04-01 22:19 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.HTML
2015-04-01 22:19 - 2015-04-01 22:19 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.TXT
2015-04-01 22:19 - 2015-04-01 22:19 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.URL
2015-04-01 22:01 - 2015-04-01 22:01 - 00009016 _____ () C:\HELP_DECRYPT.HTML
2015-04-01 22:01 - 2015-04-01 22:01 - 00004834 _____ () C:\HELP_DECRYPT.TXT
2015-04-01 22:01 - 2015-04-01 22:01 - 00000280 _____ () C:\HELP_DECRYPT.URL
2015-04-01 21:57 - 2015-04-01 21:57 - 00009016 _____ () C:\Programme\HELP_DECRYPT.HTML
2015-04-01 21:57 - 2015-04-01 21:57 - 00004834 _____ () C:\Programme\HELP_DECRYPT.TXT
2015-04-01 21:57 - 2015-04-01 21:57 - 00000280 _____ () C:\Programme\HELP_DECRYPT.URL
2015-04-01 21:47 - 2015-04-01 21:47 - 00009016 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.HTML
2015-04-01 21:47 - 2015-04-01 21:47 - 00004834 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.TXT
2015-04-01 21:47 - 2015-04-01 21:47 - 00000280 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.URL
2015-04-01 21:46 - 2015-04-01 21:46 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\HELP_DECRYPT.HTML
2015-04-01 21:46 - 2015-04-01 21:46 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:46 - 2015-04-01 21:46 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\HELP_DECRYPT.HTML
2015-04-01 21:46 - 2015-04-01 21:46 - 00009016 _____ () C:\Dokumente und Einstellungen\HELP_DECRYPT.HTML
2015-04-01 21:46 - 2015-04-01 21:46 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\HELP_DECRYPT.TXT
2015-04-01 21:46 - 2015-04-01 21:46 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:46 - 2015-04-01 21:46 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\HELP_DECRYPT.TXT
2015-04-01 21:46 - 2015-04-01 21:46 - 00004834 _____ () C:\Dokumente und Einstellungen\HELP_DECRYPT.TXT
2015-04-01 21:46 - 2015-04-01 21:46 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\HELP_DECRYPT.URL
2015-04-01 21:46 - 2015-04-01 21:46 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:46 - 2015-04-01 21:46 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\HELP_DECRYPT.URL
2015-04-01 21:46 - 2015-04-01 21:46 - 00000280 _____ () C:\Dokumente und Einstellungen\HELP_DECRYPT.URL
2015-04-01 21:35 - 2015-04-01 21:35 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\HELP_DECRYPT.HTML
2015-04-01 21:35 - 2015-04-01 21:35 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\HELP_DECRYPT.TXT
2015-04-01 21:35 - 2015-04-01 21:35 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\HELP_DECRYPT.URL
2015-04-01 21:19 - 2015-04-01 21:19 - 00009016 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:19 - 2015-04-01 21:19 - 00004834 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:19 - 2015-04-01 21:19 - 00000280 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:18 - 2015-04-01 21:18 - 00009016 _____ () C:\Dokumente und Einstellungen\NetworkService\HELP_DECRYPT.HTML
2015-04-01 21:18 - 2015-04-01 21:18 - 00009016 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\HELP_DECRYPT.HTML
2015-04-01 21:18 - 2015-04-01 21:18 - 00009016 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:18 - 2015-04-01 21:18 - 00009016 _____ () C:\Dokumente und Einstellungen\LocalService\HELP_DECRYPT.HTML
2015-04-01 21:18 - 2015-04-01 21:18 - 00009016 _____ () C:\Dokumente und Einstellungen\LocalService\Eigene Dateien\HELP_DECRYPT.HTML
2015-04-01 21:18 - 2015-04-01 21:18 - 00004834 _____ () C:\Dokumente und Einstellungen\NetworkService\HELP_DECRYPT.TXT
2015-04-01 21:18 - 2015-04-01 21:18 - 00004834 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\HELP_DECRYPT.TXT
2015-04-01 21:18 - 2015-04-01 21:18 - 00004834 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:18 - 2015-04-01 21:18 - 00004834 _____ () C:\Dokumente und Einstellungen\LocalService\HELP_DECRYPT.TXT
2015-04-01 21:18 - 2015-04-01 21:18 - 00004834 _____ () C:\Dokumente und Einstellungen\LocalService\Eigene Dateien\HELP_DECRYPT.TXT
2015-04-01 21:18 - 2015-04-01 21:18 - 00000280 _____ () C:\Dokumente und Einstellungen\NetworkService\HELP_DECRYPT.URL
2015-04-01 21:18 - 2015-04-01 21:18 - 00000280 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\HELP_DECRYPT.URL
2015-04-01 21:18 - 2015-04-01 21:18 - 00000280 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:18 - 2015-04-01 21:18 - 00000280 _____ () C:\Dokumente und Einstellungen\LocalService\HELP_DECRYPT.URL
2015-04-01 21:18 - 2015-04-01 21:18 - 00000280 _____ () C:\Dokumente und Einstellungen\LocalService\Eigene Dateien\HELP_DECRYPT.URL
2015-04-01 21:17 - 2015-04-01 21:17 - 00009016 _____ () C:\Dokumente und Einstellungen\Default User\HELP_DECRYPT.HTML
2015-04-01 21:17 - 2015-04-01 21:17 - 00009016 _____ () C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:17 - 2015-04-01 21:17 - 00009016 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.HTML
2015-04-01 21:17 - 2015-04-01 21:17 - 00004834 _____ () C:\Dokumente und Einstellungen\Default User\HELP_DECRYPT.TXT
2015-04-01 21:17 - 2015-04-01 21:17 - 00004834 _____ () C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:17 - 2015-04-01 21:17 - 00004834 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.TXT
2015-04-01 21:17 - 2015-04-01 21:17 - 00000280 _____ () C:\Dokumente und Einstellungen\Default User\HELP_DECRYPT.URL
2015-04-01 21:17 - 2015-04-01 21:17 - 00000280 _____ () C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:17 - 2015-04-01 21:17 - 00000280 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.URL
2015-04-01 21:16 - 2015-04-01 21:16 - 00009016 _____ () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:16 - 2015-04-01 21:16 - 00004834 _____ () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:16 - 2015-04-01 21:16 - 00000280 _____ () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:15 - 2015-04-01 21:15 - 00009016 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\HELP_DECRYPT.HTML
2015-04-01 21:15 - 2015-04-01 21:15 - 00009016 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:15 - 2015-04-01 21:15 - 00009016 _____ () C:\Dokumente und Einstellungen\Administrator\HELP_DECRYPT.HTML
2015-04-01 21:15 - 2015-04-01 21:15 - 00009016 _____ () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:15 - 2015-04-01 21:15 - 00004834 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\HELP_DECRYPT.TXT
2015-04-01 21:15 - 2015-04-01 21:15 - 00004834 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:15 - 2015-04-01 21:15 - 00004834 _____ () C:\Dokumente und Einstellungen\Administrator\HELP_DECRYPT.TXT
2015-04-01 21:15 - 2015-04-01 21:15 - 00004834 _____ () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:15 - 2015-04-01 21:15 - 00000280 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\HELP_DECRYPT.URL
2015-04-01 21:15 - 2015-04-01 21:15 - 00000280 _____ () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:15 - 2015-04-01 21:15 - 00000280 _____ () C:\Dokumente und Einstellungen\Administrator\HELP_DECRYPT.URL
2015-04-01 21:15 - 2015-04-01 21:15 - 00000280 _____ () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HELP_DECRYPT.URL
2015-03-24 14:02 - 2015-04-01 21:55 - 00000000 ____D () C:\Programme\Mozilla Firefox
2015-03-19 15:51 - 2015-03-19 15:51 - 00018208 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\kraus.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 12:20 - 2010-04-07 11:33 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp
2015-04-02 12:18 - 2010-04-07 18:29 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\BOM
2015-04-02 12:05 - 2010-04-07 11:33 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM
2015-04-02 11:59 - 2014-09-29 18:14 - 00180224 ___SH () C:\Dokumente und Einstellungen\RMM\Desktop\Thumbs.db
2015-04-02 11:23 - 2013-04-24 12:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 22:19 - 2010-04-07 11:33 - 00000000 ___RD () C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart
2015-04-01 22:01 - 2011-11-21 15:08 - 00000000 ____D () C:\SIERRA
2015-04-01 21:57 - 2014-05-02 17:50 - 00000000 ____D () C:\Programme\Winamp
2015-04-01 21:57 - 2012-01-28 15:26 - 00000000 ____D () C:\Programme\WinRAR
2015-04-01 21:57 - 2010-06-25 23:14 - 00000000 __SHD () C:\Recycled
2015-04-01 21:57 - 2010-04-11 02:39 - 00000000 ____D () C:\Programme\Windows Live
2015-04-01 21:57 - 2010-04-10 22:33 - 00000000 ____D () C:\Programme\Yahoo!
2015-04-01 21:57 - 2010-04-07 12:13 - 00000000 ___RD () C:\Programme
2015-04-01 21:57 - 2010-04-07 11:24 - 00000000 ____D () C:\Programme\Windows NT
2015-04-01 21:56 - 2014-03-05 13:28 - 00000000 ____D () C:\Programme\Uniblue
2015-04-01 21:56 - 2010-05-24 19:36 - 00000000 ___RD () C:\Programme\Skype
2015-04-01 21:56 - 2010-04-10 22:34 - 00000000 ____D () C:\Programme\SIERRA
2015-04-01 21:55 - 2014-10-07 23:06 - 00000000 ____D () C:\Programme\PMlabs
2015-04-01 21:55 - 2014-09-19 20:11 - 00000000 ____D () C:\Programme\Nero
2015-04-01 21:55 - 2014-09-19 14:19 - 00000000 ____D () C:\Programme\Motorola Media Link
2015-04-01 21:55 - 2014-03-05 13:46 - 00000000 ____D () C:\Programme\Mobogenie
2015-04-01 21:55 - 2014-01-04 16:44 - 00000000 ____D () C:\Programme\Realtek AC97
2015-04-01 21:55 - 2013-04-04 18:36 - 00000000 ____D () C:\Programme\Nitro
2015-04-01 21:55 - 2012-10-19 11:29 - 00000000 ____D () C:\Programme\QuickTime
2015-04-01 21:55 - 2010-09-08 10:37 - 00000000 ____D () C:\Programme\PDF Blender
2015-04-01 21:55 - 2010-04-19 20:59 - 00000000 ____D () C:\Programme\RegCleaner
2015-04-01 21:55 - 2010-04-08 03:16 - 00000000 ____D () C:\Programme\PhotoFiltre
2015-04-01 21:55 - 2010-04-07 11:26 - 00000000 ____D () C:\Programme\NetMeeting
2015-04-01 21:55 - 2010-04-07 11:26 - 00000000 ____D () C:\Programme\Movie Maker
2015-04-01 21:55 - 2010-04-07 11:25 - 00000000 ____D () C:\Programme\Outlook Express
2015-04-01 21:54 - 2013-09-18 16:32 - 00000000 ____D () C:\Programme\Microsoft Download Manager
2015-04-01 21:54 - 2013-04-28 23:33 - 00000000 ____D () C:\Programme\LG Electronics
2015-04-01 21:54 - 2010-05-25 20:13 - 00000000 ____D () C:\Programme\Microsoft SQL Server
2015-04-01 21:54 - 2010-04-07 15:39 - 00000000 ____D () C:\Programme\Microsoft Office
2015-04-01 21:53 - 2013-04-06 14:00 - 00000000 ____D () C:\Programme\Inkscape
2015-04-01 21:53 - 2012-07-24 11:17 - 00000000 ____D () C:\Programme\Java
2015-04-01 21:47 - 2014-09-19 14:19 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Nero
2015-04-01 21:47 - 2014-09-19 14:18 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Motorola Shared
2015-04-01 21:47 - 2013-09-23 12:24 - 00000000 ____D () C:\Programme\CDBurnerXP
2015-04-01 21:47 - 2012-10-03 18:42 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2015-04-01 21:47 - 2010-12-29 20:44 - 00000000 ____D () C:\Programme\ElsterFormular
2015-04-01 21:47 - 2010-04-07 18:29 - 00000000 ____D () C:\Programme\Biet-O-Matic
2015-04-01 21:47 - 2010-04-07 15:21 - 00000000 ____D () C:\Programme\Google
2015-04-01 21:47 - 2010-04-07 12:13 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\SpeechEngines
2015-04-01 21:47 - 2010-04-07 12:13 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Microsoft Shared
2015-04-01 21:46 - 2014-01-23 19:19 - 00000000 ____D () C:\Medion
2015-04-01 21:46 - 2013-08-23 21:07 - 00000000 ____D () C:\Programme\Avira
2015-04-01 21:46 - 2013-03-14 15:23 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\PDF24
2015-04-01 21:46 - 2012-10-22 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\Sun
2015-04-01 21:46 - 2012-06-16 13:06 - 00000000 ____D () C:\Programme\Adobe
2015-04-01 21:46 - 2010-04-07 18:13 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\Mozilla
2015-04-01 21:45 - 2014-09-19 14:23 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\Motorola
2015-04-01 21:44 - 2013-04-28 23:36 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\LG Electronics
2015-04-01 21:35 - 2013-04-28 23:36 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\LG PC Suite IV
2015-04-01 21:35 - 2010-04-07 18:21 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\Google
2015-04-01 21:23 - 2015-02-20 20:44 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\Neuer Ordner (2)
2015-04-01 21:23 - 2015-01-12 20:31 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\Ulli Scheinwerfer
2015-04-01 21:23 - 2015-01-02 15:44 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\directline
2015-04-01 21:23 - 2014-09-25 16:02 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\Neuer Ordner
2015-04-01 21:23 - 2013-07-11 09:52 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Eigene Dateien\LG OSP
2015-04-01 21:22 - 2015-01-28 18:53 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\BBS Fake
2015-04-01 21:22 - 2015-01-28 18:52 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\Lenkräder roh
2015-04-01 21:22 - 2014-11-17 20:00 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\Cerberus
2015-04-01 21:22 - 2014-10-13 20:34 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\MercedesG
2015-04-01 21:22 - 2014-10-07 18:20 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Desktop\ATS
2015-04-01 21:19 - 2014-09-19 20:13 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Nero
2015-04-01 21:19 - 2014-05-02 17:50 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Winamp
2015-04-01 21:19 - 2013-04-04 18:37 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Nitro
2015-04-01 21:19 - 2012-04-21 17:26 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\PTC
2015-04-01 21:19 - 2011-11-18 13:40 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Nitro PDF
2015-04-01 21:19 - 2010-05-24 19:37 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Skype
2015-04-01 21:19 - 2010-04-21 02:39 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Sun
2015-04-01 21:19 - 2010-04-07 18:13 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Mozilla
2015-04-01 21:18 - 2015-01-02 10:40 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Coronic
2015-04-01 21:18 - 2014-09-19 18:44 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\DAEMON Tools Lite
2015-04-01 21:18 - 2013-09-03 14:49 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\DriverCure
2015-04-01 21:18 - 2012-10-30 19:09 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Camfrog
2015-04-01 21:18 - 2012-10-03 18:41 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\DVDVideoSoft
2015-04-01 21:18 - 2010-12-30 10:50 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\elsterformular
2015-04-01 21:18 - 2010-04-07 18:19 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\Adobe
2015-04-01 21:18 - 2010-04-07 11:31 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-04-01 21:18 - 2010-04-07 11:31 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2015-04-01 21:17 - 2010-04-27 22:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\eBay
2015-04-01 21:16 - 2014-09-19 14:19 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2015-04-01 21:16 - 2013-08-23 21:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2015-04-01 21:16 - 2012-05-13 19:27 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX
2015-04-01 21:16 - 2010-12-30 10:40 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
2015-04-01 21:16 - 2010-04-07 11:27 - 00000000 __SHD () C:\Dokumente und Einstellungen\All Users\DRM
2015-04-01 21:15 - 2010-05-10 18:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2015-04-01 21:15 - 2010-05-10 18:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
2015-04-01 21:15 - 2010-05-10 18:13 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator
2015-04-01 21:14 - 2010-04-07 16:01 - 01280362 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 21:11 - 2013-08-23 21:06 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cea033edcb8c50.job
2015-04-01 20:23 - 2010-04-07 11:31 - 00032350 ____C () C:\WINDOWS\SchedLgU.Txt
2015-04-01 07:24 - 2010-05-06 18:36 - 00000470 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-03-31 18:45 - 2010-04-07 12:13 - 01043964 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-31 18:41 - 2011-11-28 14:27 - 01113449 _____ () C:\WINDOWS\setupapi.log
2015-03-31 18:41 - 2010-04-07 13:48 - 00003873 _____ () C:\WINDOWS\system32\nvapps.xml
2015-03-31 18:41 - 2010-04-07 12:15 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-31 18:41 - 2010-04-07 12:15 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-03-31 18:41 - 2010-04-07 11:27 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-03-30 18:46 - 2012-06-08 20:07 - 00000000 ____D () C:\_lists
2015-03-30 18:46 - 2012-05-29 15:48 - 00038243 _____ () C:\Dokumente und Einstellungen\RMM\ewa_client_1.log
2015-03-30 18:33 - 2010-07-31 10:17 - 00000000 ____D () C:\Dokumente und Einstellungen\RMM\XFER
2015-03-30 18:33 - 2010-06-30 23:35 - 00000122 ____C () C:\Dokumente und Einstellungen\RMM\.ewanapi_cookie
2015-03-30 18:14 - 2012-06-08 04:44 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2015-03-25 20:10 - 2010-04-08 16:30 - 00000452 _____ () C:\WINDOWS\lexstat.ini
2015-03-08 17:00 - 2010-04-07 15:42 - 00002509 _____ () C:\Dokumente und Einstellungen\RMM\Desktop\Word.lnk

==================== Files in the root of some directories =======

2015-04-01 21:57 - 2015-04-01 21:57 - 0009016 _____ () C:\Programme\HELP_DECRYPT.HTML
2015-04-01 21:57 - 2015-04-01 21:57 - 0050173 _____ () C:\Programme\HELP_DECRYPT.PNG
2015-04-01 21:57 - 2015-04-01 21:57 - 0004834 _____ () C:\Programme\HELP_DECRYPT.TXT
2015-04-01 21:57 - 2015-04-01 21:57 - 0000280 _____ () C:\Programme\HELP_DECRYPT.URL
2014-01-23 19:05 - 2014-01-23 19:05 - 0229008 _____ () C:\Programme\MEDION_Treibersuche.exe
2015-04-01 21:47 - 2015-04-01 21:47 - 0009016 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.HTML
2015-04-01 21:47 - 2015-04-01 21:47 - 0050173 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.PNG
2015-04-01 21:47 - 2015-04-01 21:47 - 0004834 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.TXT
2015-04-01 21:47 - 2015-04-01 21:47 - 0000280 _____ () C:\Programme\Gemeinsame Dateien\HELP_DECRYPT.URL
2015-04-01 21:19 - 2015-04-01 21:19 - 0009016 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:19 - 2015-04-01 21:19 - 0050173 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.PNG
2015-04-01 21:19 - 2015-04-01 21:19 - 0004834 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:19 - 2015-04-01 21:19 - 0000280 _____ () C:\Dokumente und Einstellungen\RMM\Anwendungsdaten\HELP_DECRYPT.URL
2010-04-07 23:29 - 2014-06-17 19:32 - 0039936 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 21:46 - 2015-04-01 21:46 - 0009016 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.HTML
2015-04-01 21:46 - 2015-04-01 21:46 - 0050173 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.PNG
2015-04-01 21:46 - 2015-04-01 21:46 - 0004834 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.TXT
2015-04-01 21:46 - 2015-04-01 21:46 - 0000280 _____ () C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\HELP_DECRYPT.URL
2015-04-01 21:17 - 2015-04-01 21:17 - 0009016 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.HTML
2015-04-01 21:17 - 2015-04-01 21:17 - 0050173 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.PNG
2015-04-01 21:17 - 2015-04-01 21:17 - 0004834 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.TXT
2015-04-01 21:17 - 2015-04-01 21:17 - 0000280 _____ () C:\Dokumente und Einstellungen\All Users\HELP_DECRYPT.URL

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\0_Offer_1.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\0_Offer_2.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\1_Offer_6.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\6_Offer_16.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\avgnt.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\A~NSISu_.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\BackupSetup.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018022.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018213.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\Mobogenie_INT.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsa19.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsb3C.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsi39.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsm34.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nss14.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nst11.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsy1C.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsy31.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\rtdrvmon.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\SearchProtectINT.exe
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\_is718.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

Additional txt.
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by RMM at 2015-04-02 12:21:09
Running from C:\Dokumente und Einstellungen\RMM\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adlsoft Uncompressor (HKU\.DEFAULT\...\Adlsoft Uncompressor) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\{B001064C-D061-4BAE-9031-416A838D5536}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Biet-O-Matic v2.12.7 (HKLM\...\Biet-O-Matic v2.12.7) (Version: Biet-O-Matic v2.12.7 - BOM Development Team)
Caesar 3 (HKLM\...\Caesar 3) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
Google Earth Plug-in (HKLM\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Hotfix für Windows Media Player 11 (KB939683) (HKLM\...\KB939683) (Version:  - Microsoft Corporation)
Hotfix für Windows XP (KB2443685) (HKLM\...\KB2443685) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB2633952) (HKLM\...\KB2633952) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Hotfix für Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB979306) (HKLM\...\KB979306) (Version: 1 - Microsoft Corporation)
Hotfix für Windows XP (KB981793) (HKLM\...\KB981793) (Version: 1 - Microsoft Corporation)
Inkscape 0.48.2 (HKLM\...\Inkscape) (Version: 0.48.2 - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - )
LG Bluetooth Drivers (HKLM\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
MCCI(r)Firmware Update Driver for MTK (HKLM\...\{13E92303-C1AC-4012-9E22-54EACBF54888}) (Version: 1.00.0000 - MCCI)
Medion Flash XL (HKLM\...\{EA1CB7AC-E221-4822-A789-0ADB051DC498}) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU (HKLM\...\{9309DD7E-EBFE-3C95-8B47-30D3A012F606}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU (HKLM\...\{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Access 2003 Runtime (HKLM\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (HKLM\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nitro Reader 3 (HKLM\...\{5027D37B-3677-4F16-9501-A42288EBDB31}) (Version: 3.5.2.10 - Nitro)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PCI Soft Voice SoftRing Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
PhotoFiltre (HKLM\...\PhotoFiltre) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sicherheitsupdate für Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB968816) (HKLM\...\KB968816_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player (KB979402) (HKLM\...\KB979402_WM9) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2079403) (HKLM\...\KB2079403) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2121546) (HKLM\...\KB2121546) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2160329) (HKLM\...\KB2160329) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2259922) (HKLM\...\KB2259922) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2286198) (HKLM\...\KB2286198) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2412687) (HKLM\...\KB2412687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2503665) (HKLM\...\KB2503665) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508272) (HKLM\...\KB2508272) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2524375) (HKLM\...\KB2524375) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276) (HKLM\...\KB2536276) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893) (HKLM\...\KB2544893) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2555917) (HKLM\...\KB2555917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2646524) (HKLM\...\KB2646524) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2685939) (HKLM\...\KB2685939) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2695962) (HKLM\...\KB2695962) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2707511) (HKLM\...\KB2707511) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2718523) (HKLM\...\KB2718523) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950760) (HKLM\...\KB950760) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951066) (HKLM\...\KB951066) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB951748) (HKLM\...\KB951748) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB954459) (HKLM\...\KB954459) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB955069) (HKLM\...\KB955069) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956803) (HKLM\...\KB956803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB958644) (HKLM\...\KB958644) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB958869) (HKLM\...\KB958869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960225) (HKLM\...\KB960225) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB961501) (HKLM\...\KB961501) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB969947) (HKLM\...\KB969947) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970238) (HKLM\...\KB970238) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971468) (HKLM\...\KB971468) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB971961) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973354) (HKLM\...\KB973354) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975561) (HKLM\...\KB975561) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975562) (HKLM\...\KB975562) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB975713) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB977165-v2) (HKLM\...\KB977165-v2) (Version: 2 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978037) (HKLM\...\KB978037) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978251) (HKLM\...\KB978251) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978262) (HKLM\...\KB978262) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978601) (HKLM\...\KB978601) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979559) (HKLM\...\KB979559) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979683) (HKLM\...\KB979683) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB980195) (HKLM\...\KB980195) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB980218) (HKLM\...\KB980218) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB980232) (HKLM\...\KB980232) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB980436) (HKLM\...\KB980436) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981349) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB981852) (HKLM\...\KB981852) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982214) (HKLM\...\KB982214) (Version: 1 - Microsoft Corporation)
Sicherheitsupdate für Windows XP (KB982381) (Version: 1 - Microsoft Corporation) Hidden
Sicherheitsupdate für Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Sierra-Dienstprogramme (HKLM\...\Sierra-Dienstprogramme) (Version:  - )
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version:  - )
Skype™ 5.9 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.9.115 - Skype Technologies S.A.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update für Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update für Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update für Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update für Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
waterMark V2 (HKLM\...\waterMark V2) (Version:  - )
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
26-02-2015 20:57:41 Systemprüfpunkt
27-02-2015 21:00:43 Systemprüfpunkt
28-02-2015 21:43:07 Systemprüfpunkt
01-03-2015 22:43:06 Systemprüfpunkt
03-03-2015 09:58:34 Systemprüfpunkt
04-03-2015 10:43:04 Systemprüfpunkt
05-03-2015 11:43:08 Systemprüfpunkt
06-03-2015 12:43:04 Systemprüfpunkt
07-03-2015 13:43:04 Systemprüfpunkt
08-03-2015 14:43:04 Systemprüfpunkt
09-03-2015 14:48:05 Systemprüfpunkt
10-03-2015 15:43:05 Systemprüfpunkt
11-03-2015 16:57:35 Systemprüfpunkt
12-03-2015 17:43:03 Systemprüfpunkt
13-03-2015 18:43:02 Systemprüfpunkt
14-03-2015 18:52:32 Systemprüfpunkt
15-03-2015 19:43:03 Systemprüfpunkt
16-03-2015 21:27:28 Systemprüfpunkt
17-03-2015 21:44:07 Systemprüfpunkt
18-03-2015 22:55:00 Systemprüfpunkt
19-03-2015 23:43:01 Systemprüfpunkt
21-03-2015 00:43:01 Systemprüfpunkt
22-03-2015 21:10:35 Systemprüfpunkt
23-03-2015 21:29:34 Systemprüfpunkt
24-03-2015 22:19:31 Systemprüfpunkt
25-03-2015 23:22:00 Systemprüfpunkt
27-03-2015 00:22:37 Systemprüfpunkt
28-03-2015 01:07:30 Systemprüfpunkt
29-03-2015 02:07:30 Systemprüfpunkt
30-03-2015 03:07:29 Systemprüfpunkt
31-03-2015 03:18:12 Systemprüfpunkt
01-04-2015 03:45:15 Systemprüfpunkt
02-04-2015 04:45:10 Systemprüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-18 14:00 - 2010-11-13 20:53 - 00001013 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 www.motorvision.de/if/videos/
127.0.0.1 www.finya.de/index/logoutAd/
127.0.0.1 www.ih.adscale.de
127.0.0.1 www.aka-cdn-ns.adtech.de/


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cea033edcb8c50.job => C:\Programme\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-04-04 07:53 - 2012-04-04 07:53 - 00301056 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
2010-04-08 16:29 - 2003-07-29 09:27 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll
2011-09-19 09:57 - 2011-09-19 09:57 - 00128336 _____ () C:\Programme\Motorola Media Link\Lite\liveupdatetactics.dll
2011-04-30 18:12 - 2011-04-30 18:12 - 00023872 _____ () C:\Programme\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 09:59 - 2011-09-19 09:59 - 00465632 _____ () C:\Programme\Motorola Media Link\Lite\sqlite3.dll
2011-04-30 18:13 - 2011-04-30 18:13 - 00045368 _____ () C:\Programme\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 09:57 - 2011-09-19 09:57 - 00034128 _____ () C:\Programme\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2010-04-08 16:29 - 2003-08-03 15:58 - 00065536 _____ () C:\Programme\Lexmark X1100 Series\ConvDIB.dll
2014-09-19 18:49 - 2002-08-28 13:43 - 00073728 _____ () C:\WINDOWS\Dit.exe
2014-09-19 18:49 - 2002-07-12 10:29 - 00065536 _____ () C:\WINDOWS\DitExp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1606980848-1682526488-854245398-1004\Control Panel\Desktop\\Wallpaper -> C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^maxdome Download Manager.lnk => C:\WINDOWS\pss\maxdome Download Manager.lnkCommon Startup
MSCONFIG\startupreg: 1&1 EasyLogin => C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: Lexmark X1100 Series => "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: PDFPrint => C:\Programme\PDF24\pdf24.exe
MSCONFIG\startupreg: Skype => "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: swg => "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1606980848-1682526488-854245398-500 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Administrator
Gast (S-1-5-21-1606980848-1682526488-854245398-501 - Limited - Disabled)
Hilfeassistent (S-1-5-21-1606980848-1682526488-854245398-1000 - Limited - Enabled)
RMM (S-1-5-21-1606980848-1682526488-854245398-1004 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\RMM
SUPPORT_388945a0 (S-1-5-21-1606980848-1682526488-854245398-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 00:07:16 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:07:09 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:06:19 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  rundll32: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:05:20 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:05:15 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/01/2015 11:57:58 AM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  Biet-O-Matic: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/22/2015 10:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung helper.exe, Version 1.0.0.0, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00032a16.
Das medienspezifische Ereignis für [helper.exe!ws!] wird verarbeitet.

Error: (03/17/2015 08:57:36 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  msimn: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/16/2015 03:51:48 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  msimn: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/16/2015 03:51:06 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  NITROP~4: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event


System errors:
=============
Error: (03/31/2015 06:42:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Lbd

Error: (03/31/2015 06:42:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "maxdome Download Manager" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/31/2015 06:42:55 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (03/31/2015 04:56:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Lbd

Error: (03/31/2015 04:56:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "maxdome Download Manager" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/31/2015 04:56:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (03/30/2015 06:15:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Lbd

Error: (03/30/2015 06:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "maxdome Download Manager" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/30/2015 06:15:53 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (03/22/2015 10:06:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DeviceMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/02/2015 00:07:16 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:07:09 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:06:19 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  rundll32: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:05:20 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/02/2015 00:05:15 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  firefox: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (04/01/2015 11:57:58 AM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  Biet-O-Matic: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/22/2015 10:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: helper.exe1.0.0.0msvcrt.dll7.0.2600.551200032a16

Error: (03/17/2015 08:57:36 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  msimn: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/16/2015 03:51:48 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  msimn: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Error: (03/16/2015 03:51:06 PM) (Source: nview_info) (EventID: 1) (User: )
Description: NVIEW :  NITROP~4: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event


==================== Memory info =========================== 

Processor:  Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 78%
Total physical RAM: 1023.49 MB
Available physical RAM: 219.02 MB
Total Pagefile: 2462.21 MB
Available Pagefile: 1748.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:1.2 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:64 GB) (Free:50.22 GB) NTFS
Drive e: (Speicher) (Fixed) (Total:28.24 GB) (Free:28.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 4F174F16)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.2 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---


I'm not a computer specialist, more of a "dumbest imaginable user", and I hope that I've done everything right. Before I continue, I'll first wait for further instructions.

Regards and thanks

Roland

Last edited by Roland500sel (02.04.2015 at 13:32)

Alt 02.04.2015, 13:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Presumably Cryptowall virus on XP computer - Standard

Presumably Cryptowall virus on XP computer



Hi,

are files encrypted?

Alt 02.04.2015, 20:14   #3
Roland500sel
 
Presumably Cryptowall virus on XP computer - Standard

Presumably Cryptowall virus on XP computer



Hi,

by now yes; until an hour ago photos would still open, now everything is encrypted.

GMER report
GMER Logfile:
Code:
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2015-04-02 15:49:28
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120023A rev.3.30 111,79GB
Running: Gmer-19357.exe; Driver: C:\DOKUME~1\RMM\LOKALE~1\Temp\fwlciuod.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  sisidex.sys

---- EOF - GMER 2.1 ----
         
--- --- ---





Report from Luke Filewalker

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 2. April 2015 17:17


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Microsoft Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : RMM-NUNFDW5LN3A

Versionsinformationen:
BUILD.DAT : 15.0.8.656 91858 Bytes 17.03.2015 13:02:00
AVSCAN.EXE : 15.0.8.652 1014064 Bytes 17.03.2015 11:01:55
AVSCANRC.DLL : 15.0.8.652 63792 Bytes 17.03.2015 11:01:55
LUKE.DLL : 15.0.8.652 60664 Bytes 17.03.2015 11:02:00
AVSCPLR.DLL : 15.0.8.652 93488 Bytes 17.03.2015 11:01:55
REPAIR.DLL : 15.0.8.652 365360 Bytes 17.03.2015 11:01:55
REPAIR.RDF : 1.0.6.88 825929 Bytes 02.04.2015 14:51:09
AVREG.DLL : 15.0.8.652 265464 Bytes 17.03.2015 11:01:55
AVLODE.DLL : 15.0.8.656 645368 Bytes 17.03.2015 11:01:54
AVLODE.RDF : 14.0.4.60 79192 Bytes 02.04.2015 14:49:45
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 11:02:04
XBV00107.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:02
XBV00108.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:02
XBV00109.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:02
XBV00110.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:02
XBV00111.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:02
XBV00112.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00113.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00114.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00115.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00116.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00117.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00118.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00119.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00120.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00121.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00122.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00123.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00124.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00125.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:03
XBV00126.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00127.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00128.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00129.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00130.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00131.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00132.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00133.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00134.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00135.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00136.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00137.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00138.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00139.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:04
XBV00140.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00141.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00142.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00143.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00144.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00145.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00146.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00147.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00148.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00149.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00150.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00151.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00152.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00153.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:05
XBV00154.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00155.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00156.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00157.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00158.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00159.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00160.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00161.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00162.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00163.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00164.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00165.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00166.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:06
XBV00167.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00168.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00169.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00170.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00171.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00172.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00173.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00174.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00175.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00176.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:07
XBV00177.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00178.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00179.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00180.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00181.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00182.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00183.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00184.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00185.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00186.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00187.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00188.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00189.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:08
XBV00190.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00191.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00192.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00193.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00194.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00195.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00196.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00197.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00198.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00199.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00200.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00201.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:09
XBV00202.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00203.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00204.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00205.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00206.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00207.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00208.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00209.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00210.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00211.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00212.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00213.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00214.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00215.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:10
XBV00216.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00217.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00218.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00219.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00220.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00221.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00222.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00223.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00224.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00225.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00226.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00227.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00228.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00229.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:11
XBV00230.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00231.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00232.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00233.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00234.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00235.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00236.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00237.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00238.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00239.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00240.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00241.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00242.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:12
XBV00243.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00244.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00245.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00246.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00247.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00248.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00249.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00250.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00251.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00252.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00253.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00254.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00255.VDF : 8.11.219.166 2048 Bytes 25.03.2015 14:50:13
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:02:04
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:02:04
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 11:02:04
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 11:02:04
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 11:02:04
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 11:02:04
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 11:02:04
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 11:02:04
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 11:02:04
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 11:02:04
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 11:02:04
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 11:02:04
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:02:04
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 11:02:04
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 11:02:04
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 11:02:04
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 11:02:04
XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 14:49:53
XBV00042.VDF : 8.11.219.194 36864 Bytes 25.03.2015 14:49:54
XBV00043.VDF : 8.11.219.218 7168 Bytes 25.03.2015 14:49:54
XBV00044.VDF : 8.11.219.242 6144 Bytes 25.03.2015 14:49:54
XBV00045.VDF : 8.11.219.244 7680 Bytes 25.03.2015 14:49:54
XBV00046.VDF : 8.11.219.246 5632 Bytes 26.03.2015 14:49:54
XBV00047.VDF : 8.11.219.250 38400 Bytes 26.03.2015 14:49:54
XBV00048.VDF : 8.11.219.252 14336 Bytes 26.03.2015 14:49:54
XBV00049.VDF : 8.11.219.254 18432 Bytes 26.03.2015 14:49:55
XBV00050.VDF : 8.11.220.0 7680 Bytes 26.03.2015 14:49:55
XBV00051.VDF : 8.11.220.2 10240 Bytes 26.03.2015 14:49:55
XBV00052.VDF : 8.11.220.6 2048 Bytes 26.03.2015 14:49:55
XBV00053.VDF : 8.11.220.8 2560 Bytes 26.03.2015 14:49:55
XBV00054.VDF : 8.11.220.10 17408 Bytes 26.03.2015 14:49:55
XBV00055.VDF : 8.11.220.12 2048 Bytes 26.03.2015 14:49:55
XBV00056.VDF : 8.11.220.16 23040 Bytes 26.03.2015 14:49:55
XBV00057.VDF : 8.11.220.18 8704 Bytes 26.03.2015 14:49:55
XBV00058.VDF : 8.11.220.22 30720 Bytes 27.03.2015 14:49:56
XBV00059.VDF : 8.11.220.24 6144 Bytes 27.03.2015 14:49:56
XBV00060.VDF : 8.11.220.26 2048 Bytes 27.03.2015 14:49:56
XBV00061.VDF : 8.11.220.48 9728 Bytes 27.03.2015 14:49:56
XBV00062.VDF : 8.11.220.68 14848 Bytes 27.03.2015 14:49:56
XBV00063.VDF : 8.11.220.88 23552 Bytes 27.03.2015 14:49:56
XBV00064.VDF : 8.11.220.108 9216 Bytes 27.03.2015 14:49:56
XBV00065.VDF : 8.11.220.110 15360 Bytes 27.03.2015 14:49:56
XBV00066.VDF : 8.11.220.116 27648 Bytes 27.03.2015 14:49:57
XBV00067.VDF : 8.11.220.118 10752 Bytes 27.03.2015 14:49:57
XBV00068.VDF : 8.11.220.120 6144 Bytes 27.03.2015 14:49:57
XBV00069.VDF : 8.11.220.122 62976 Bytes 28.03.2015 14:49:57
XBV00070.VDF : 8.11.220.124 2048 Bytes 28.03.2015 14:49:57
XBV00071.VDF : 8.11.220.126 9728 Bytes 28.03.2015 14:49:57
XBV00072.VDF : 8.11.220.128 20992 Bytes 28.03.2015 14:49:57
XBV00073.VDF : 8.11.220.148 54784 Bytes 29.03.2015 14:49:58
XBV00074.VDF : 8.11.220.176 7680 Bytes 29.03.2015 14:49:58
XBV00075.VDF : 8.11.220.196 32768 Bytes 30.03.2015 14:49:58
XBV00076.VDF : 8.11.220.216 2048 Bytes 30.03.2015 14:49:58
XBV00077.VDF : 8.11.220.236 9728 Bytes 30.03.2015 14:49:58
XBV00078.VDF : 8.11.220.238 15360 Bytes 30.03.2015 14:49:58
XBV00079.VDF : 8.11.220.240 9216 Bytes 30.03.2015 14:49:58
XBV00080.VDF : 8.11.220.242 4608 Bytes 30.03.2015 14:49:58
XBV00081.VDF : 8.11.220.248 58368 Bytes 30.03.2015 14:49:59
XBV00082.VDF : 8.11.220.250 2048 Bytes 30.03.2015 14:49:59
XBV00083.VDF : 8.11.220.252 2048 Bytes 30.03.2015 14:49:59
XBV00084.VDF : 8.11.220.254 39424 Bytes 31.03.2015 14:49:59
XBV00085.VDF : 8.11.221.0 2048 Bytes 31.03.2015 14:49:59
XBV00086.VDF : 8.11.221.6 40960 Bytes 31.03.2015 14:49:59
XBV00087.VDF : 8.11.221.8 2048 Bytes 31.03.2015 14:50:00
XBV00088.VDF : 8.11.221.10 16896 Bytes 31.03.2015 14:50:00
XBV00089.VDF : 8.11.221.30 10240 Bytes 31.03.2015 14:50:00
XBV00090.VDF : 8.11.221.48 29184 Bytes 31.03.2015 14:50:00
XBV00091.VDF : 8.11.221.50 2048 Bytes 31.03.2015 14:50:00
XBV00092.VDF : 8.11.221.70 27648 Bytes 31.03.2015 14:50:00
XBV00093.VDF : 8.11.221.88 3584 Bytes 31.03.2015 14:50:00
XBV00094.VDF : 8.11.221.90 32256 Bytes 31.03.2015 14:50:01
XBV00095.VDF : 8.11.221.94 34816 Bytes 01.04.2015 14:50:01
XBV00096.VDF : 8.11.221.96 8704 Bytes 01.04.2015 14:50:01
XBV00097.VDF : 8.11.221.100 8704 Bytes 01.04.2015 14:50:01
XBV00098.VDF : 8.11.221.102 7680 Bytes 01.04.2015 14:50:01
XBV00099.VDF : 8.11.221.106 39936 Bytes 01.04.2015 14:50:01
XBV00100.VDF : 8.11.221.124 8704 Bytes 01.04.2015 14:50:01
XBV00101.VDF : 8.11.221.142 12288 Bytes 01.04.2015 14:50:02
XBV00102.VDF : 8.11.221.160 7168 Bytes 01.04.2015 14:50:02
XBV00103.VDF : 8.11.221.178 7168 Bytes 01.04.2015 14:50:02
XBV00104.VDF : 8.11.221.196 8192 Bytes 01.04.2015 14:50:02
XBV00105.VDF : 8.11.221.200 33280 Bytes 02.04.2015 14:50:02
XBV00106.VDF : 8.11.221.202 2048 Bytes 02.04.2015 14:50:02
LOCAL000.VDF : 8.11.221.202 125999616 Bytes 02.04.2015 14:54:40
Engineversion : 8.3.30.10
AEVDF.DLL : 8.3.1.6 133992 Bytes 17.03.2015 11:01:51
AESCRIPT.DLL : 8.2.2.58 560248 Bytes 02.04.2015 14:49:44
AESCN.DLL : 8.3.2.2 139456 Bytes 17.03.2015 11:01:51
AESBX.DLL : 8.2.20.34 1615784 Bytes 17.03.2015 11:01:51
AERDL.DLL : 8.2.1.20 731040 Bytes 17.03.2015 11:01:51
AEPACK.DLL : 8.4.0.62 793456 Bytes 17.03.2015 11:01:51
AEOFFICE.DLL : 8.3.1.16 359280 Bytes 02.04.2015 14:49:43
AEMOBILE.DLL : 8.1.7.0 281456 Bytes 17.03.2015 11:01:51
AEHEUR.DLL : 8.1.4.1612 8244344 Bytes 02.04.2015 14:49:42
AEHELP.DLL : 8.3.2.0 281456 Bytes 02.04.2015 14:49:28
AEGEN.DLL : 8.1.7.40 456608 Bytes 17.03.2015 11:01:51
AEEXP.DLL : 8.4.2.70 255904 Bytes 17.03.2015 11:01:51
AEEMU.DLL : 8.1.3.4 399264 Bytes 17.03.2015 11:01:51
AEDROID.DLL : 8.4.3.116 1050536 Bytes 17.03.2015 11:01:51
AECORE.DLL : 8.3.4.0 243624 Bytes 17.03.2015 11:01:51
AEBB.DLL : 8.1.2.0 60448 Bytes 17.03.2015 11:01:51
AVWINLL.DLL : 15.0.8.652 25904 Bytes 17.03.2015 11:01:56
AVPREF.DLL : 15.0.8.652 53248 Bytes 17.03.2015 11:01:55
AVREP.DLL : 15.0.8.652 221432 Bytes 17.03.2015 11:01:55
AVARKT.DLL : 15.0.8.652 228088 Bytes 17.03.2015 11:01:52
AVEVTLOG.DLL : 15.0.8.652 183600 Bytes 17.03.2015 11:01:53
SQLITE3.DLL : 15.0.8.652 456440 Bytes 17.03.2015 11:02:03
AVSMTP.DLL : 15.0.8.652 79360 Bytes 17.03.2015 11:01:56
NETNT.DLL : 15.0.8.652 17352 Bytes 17.03.2015 11:02:01
RCIMAGE.DLL : 15.0.8.652 4864816 Bytes 17.03.2015 11:02:02
RCTEXT.DLL : 15.0.8.652 75056 Bytes 17.03.2015 11:02:02

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\programme\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 2. April 2015 17:17

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:, E'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskmgr.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NServiceEntry.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'DitExp.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dit.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOUNDMAN.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'LEXPPS.EXE' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'LEXBCES.EXE' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2487' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Dokumente und Einstellungen\RMM\Eigene Dateien\Downloads\PhotoFiltre7-de.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallShare.D
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\0_Offer_1.exe
[0] Archivtyp: NSIS
--> ProgramFilesDir/[PluginsDir]/Convert.dll
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018022.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018213.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\ICReinstall_nsk125.tmp
[FUND] Enthält Muster der Software PUA/InstallCore.Gen9
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\Mobogenie_INT.exe
[0] Archivtyp: NSIS
--> ProgramFilesDir/Mobogenie.7z
[1] Archivtyp: 7-Zip
--> nengine.dll
[FUND] Enthält Muster der Software PUA/NextLive.opea.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsk125.tmp
[FUND] Enthält Muster der Software PUA/InstallCore.Gen9
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\{00014C6D-4655-B629}
[FUND] Ist das Trojanische Pferd TR/Ransom.Foreign.hyjm
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\fullpackage_temp1394018249\tmp\wpm.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Cherished.oia
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\OCS\ocs_v71a.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\Rnhzisn\mmpywwimp.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.Xpack.44258
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GFVG980U\fax-message876-792-093.zip
[0] Archivtyp: ZIP
--> fax-message234-802-453.scr
[1] Archivtyp: Portable Executable Resource
--> id_899
[2] Archivtyp: ZIP
--> 23 ±¸·Ý.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.Xpack.175575
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Suche in 'D:\'
[0] Archivtyp: RSRC
--> C:\RECYCLER\S-1-5-21-1606980848-1682526488-854245398-1004\Dc382.exe
[1] Archivtyp: Runtime Packed
--> D:\Eigene Dateien\Tools\FreeYouTubeToMp3Converter327.exe
[2] Archivtyp: Inno Setup
--> D:\Eigene Dateien\Tools\GoogleToolbarInstaller.exe
[3] Archivtyp: RSRC
--> D:\Eigene Dateien\Tools\Microsoft Office Compatibility Pack - CHIP-Installer.exe
[4] Archivtyp: RSRC
--> D:\Eigene Dateien\Tools\Microsoft Office Compatibility Pack - CHIP-Installer.exe
[5] Archivtyp: Runtime Packed
--> D:\Eigene Dateien\Tools\Nero_BurnLite-10.0.10600_CB-DL-Manager.exe
[6] Archivtyp: Inno Setup
--> Object
[FUND] Enthält Muster der Software PUA/InstallCore.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
D:\Eigene Dateien\Tools\Nero_BurnLite-10.0.10600_CB-DL-Manager.exe
[FUND] Enthält Muster der Software PUA/InstallCore.Gen
D:\Eigene Dateien\Tools\realtek-ac-97-4-06.exe
[FUND] Enthält Muster der Software PUA/DonwloadSponsor.psa
D:\Eigene Dateien\Tools\SpyBot Search Destroy - CHIP-Downloader.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
D:\Eigene Dateien\Tools\Motorola V9\CD.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen4
D:\Eigene Dateien\Tools\Motorola V9\Motorola V9\CD.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen4
Beginne mit der Suche in 'E:\' <Speicher>

Beginne mit der Desinfektion:
D:\Eigene Dateien\Tools\Motorola V9\Motorola V9\CD.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5112d9ab.qua' verschoben!
D:\Eigene Dateien\Tools\Motorola V9\CD.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4985f60d.qua' verschoben!
D:\Eigene Dateien\Tools\SpyBot Search Destroy - CHIP-Downloader.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '06b5f195.qua' verschoben!
D:\Eigene Dateien\Tools\realtek-ac-97-4-06.exe
[FUND] Enthält Muster der Software PUA/DonwloadSponsor.psa
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d69adf2.qua' verschoben!
D:\Eigene Dateien\Tools\Nero_BurnLite-10.0.10600_CB-DL-Manager.exe
[FUND] Enthält Muster der Software PUA/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e40be20.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GFVG980U\fax-message876-792-093.zip
[FUND] Ist das Trojanische Pferd TR/Crypt.Xpack.175575
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3b339546.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\Rnhzisn\mmpywwimp.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.Xpack.44258
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13d0c610.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\OCS\ocs_v71a.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '676e9fae.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\fullpackage_temp1394018249\tmp\wpm.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Cherished.oia
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2879e73c.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\{00014C6D-4655-B629}
[FUND] Ist das Trojanische Pferd TR/Ransom.Foreign.hyjm
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '176abd5a.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\nsk125.tmp
[FUND] Enthält Muster der Software PUA/InstallCore.Gen9
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6d99bd1c.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\Mobogenie_INT.exe
[FUND] Enthält Muster der Software PUA/NextLive.opea.2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3d66ba00.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\ICReinstall_nsk125.tmp
[FUND] Enthält Muster der Software PUA/InstallCore.Gen9
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6b7eb024.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018213.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2cefb4ef.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\DM1394018022.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0fa3da1b.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\0_Offer_1.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480af3d5.qua' verschoben!
C:\Dokumente und Einstellungen\RMM\Eigene Dateien\Downloads\PhotoFiltre7-de.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallShare.D
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3a8ea0a8.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 2. April 2015 19:36
Benötigte Zeit: 2:11:48 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

10788 Verzeichnisse wurden überprüft
382509 Dateien wurden geprüft
18 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
17 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
382491 Dateien ohne Befall
4142 Archive wurden durchsucht
4 Warnungen
17 Hinweise
406366 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Log files: findings


Exportierte Ereignisse:

02.04.2015 19:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Eigene
Dateien\Downloads\PhotoFiltre7-de.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallShare.D'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3a8ea0a8.qua'
verschoben!

02.04.2015 19:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\0_Offer_1.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Outbrowse.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480af3d5.qua'
verschoben!

02.04.2015 19:35 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\DM1394018022.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Outbrowse.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0fa3da1b.qua'
verschoben!

02.04.2015 19:35 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\DM1394018213.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Outbrowse.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2cefb4ef.qua'
verschoben!

02.04.2015 19:35 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\ICReinstall_nsk125.tmp'
enthielt einen Virus oder unerwünschtes Programm 'PUA/InstallCore.Gen9'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6b7eb024.qua'
verschoben!

02.04.2015 19:35 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\Mobogenie_INT.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/NextLive.opea.2'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3d66ba00.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\nsk125.tmp'
enthielt einen Virus oder unerwünschtes Programm 'PUA/InstallCore.Gen9'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6d99bd1c.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\fullpackage_temp1394018249\tmp\wpm.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Cherished.oia'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2879e73c.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\{00014C6D-4655-B629}'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Foreign.hyjm'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '176abd5a.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\OCS\ocs_v71a.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '676e9fae.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\Nero_BurnLite-10.0.10600_CB-DL-Manager.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/InstallCore.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e40be20.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\GFVG980U\fax-message876-792-093.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.175575'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3b339546.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\Rnhzisn\mmpywwimp.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.44258'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13d0c610.qua'
verschoben!

02.04.2015 19:33 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\realtek-ac-97-4-06.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DonwloadSponsor.psa'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d69adf2.qua'
verschoben!

02.04.2015 19:33 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\SpyBot Search Destroy - CHIP-Downloader.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '06b5f195.qua'
verschoben!

02.04.2015 19:31 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\Motorola V9\Motorola V9\CD.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen4' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5112d9ab.qua'
verschoben!

02.04.2015 19:31 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\Motorola V9\CD.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen4' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4985f60d.qua'
verschoben!
__________________
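The Avira export above becomes far easier to triage once it is machine-readable. The following Python is an added example (not code from the post, from Avira or from Trojaner-Board): it parses the event blocks exactly as the forum wrapped them, rebuilds the file paths, and summarises the findings by category, ransomware name and staging location. The sample log is copied from the post above; the list of staging directories is my own heuristic.

```python
"""Parse Avira's exported event log (the 'Exportierte Ereignisse' block
posted above) and summarise what was quarantined.

Added example, not code from the original post or from Avira.  The forum
software wraps long lines, so each event spans several lines; rejoining a
block with single spaces restores the paths because every wrap falls on
an existing space ('Eigene Dateien', 'Lokale Einstellungen', ...).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: four events copied from the Avira log in the post above,
# forum line wrapping included.
SAMPLE_LOG = r"""02.04.2015 19:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Eigene
Dateien\Downloads\PhotoFiltre7-de.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallShare.D'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3a8ea0a8.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale
Einstellungen\Temp\{00014C6D-4655-B629}'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Foreign.hyjm'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '176abd5a.qua'
verschoben!

02.04.2015 19:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\GFVG980U\fax-message876-792-093.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.175575'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3b339546.qua'
verschoben!

02.04.2015 19:33 [System-Scanner] Malware gefunden
Die Datei 'D:\Eigene Dateien\Tools\realtek-ac-97-4-06.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DonwloadSponsor.psa'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d69adf2.qua'
verschoben!
"""


@dataclass
class Finding:
    when: str        # scan timestamp as logged (DD.MM.YYYY HH:MM)
    module: str      # Avira component, e.g. System-Scanner
    path: str        # full path of the detected file, wrapping undone
    name: str        # detection name, e.g. TR/Ransom.Foreign.hyjm
    category: str    # adware / riskware / trojan
    quarantine: str  # name of the .qua file Avira created ("" if none)


# One event, after the wrapped lines have been joined with spaces.
EVENT_RE = re.compile(
    r"^(?P<when>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(?P<module>[^\]]+)\] .*?"
    r"Die Datei '(?P<path>[^']+)' enthielt einen Virus oder unerwünschtes "
    r"Programm '(?P<name>[^']+)' \[(?P<category>\w+)\]\."
)
QUARANTINE_RE = re.compile(r"unter dem Namen '(?P<qua>[^']+)' verschoben")


def parse_avira_events(text: str) -> list[Finding]:
    """Return one Finding per event block; blocks that are not detection
    events (section headers, summary counters) are skipped."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(line.strip() for line in block.splitlines())
        m = EVENT_RE.search(flat)
        if not m:
            continue
        q = QUARANTINE_RE.search(flat)
        findings.append(Finding(m["when"], m["module"], m["path"], m["name"],
                                m["category"], q["qua"] if q else ""))
    return findings


# Heuristic (my assumption): places where a mail attachment or browser
# download is unpacked and run.  Hits here point at the delivery path.
STAGING_DIRS = (r"\lokale einstellungen\temp", r"\temporary internet files")


def summarise(findings: list[Finding]) -> dict:
    """Group the findings the way a helper reads such a log: what kinds of
    things were found, whether any of it is ransomware, and what was staged
    in temp or the browser cache."""
    return {
        "by_category": dict(Counter(f.category for f in findings)),
        "ransomware": [f.name for f in findings if "ransom" in f.name.lower()],
        "staged_in_temp_or_cache": [
            f.path for f in findings
            if any(d in f.path.lower() for d in STAGING_DIRS)
        ],
        "quarantined": sum(1 for f in findings if f.quarantine),
    }


if __name__ == "__main__":
    for f in parse_avira_events(SAMPLE_LOG):
        print(f"{f.when}  {f.category:<9} {f.name:<28} {f.path}")
    print(summarise(parse_avira_events(SAMPLE_LOG)))
```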

Old 02.04.2015, 21:55   #4
schrauber
/// the machine
/// TB trainer


Probably Cryptowall virus on XP computer



Decryption is impossible.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not run any other file in that folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and set it up as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post its contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 03.04.2015, 02:16   #5
Roland500sel
 
Probably Cryptowall virus on XP computer

First run - second run after the restart is in progress



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.672000 GHz
Memory total: 1073205248, free: 459825152

Downloaded database version: v2015.04.02.05
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
04/02/2015 22:22:23
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
siside.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisperf.sys
sisidex.sys
sisagp.sys
Mup.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\sisnic.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\Cap7134.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ctxs51.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\gameenum.sys
\SystemRoot\system32\drivers\msmpu401.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\lgbtbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\lgvmodem.sys
\SystemRoot\system32\DRIVERS\lgbtport.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\PhTVTune.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.04.02.05
rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86788ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8671c978, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff8673e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86788ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff867401b8, DeviceName: \Device\00000058\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86791940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394bus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ndis.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ntfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fltmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipnat.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipnat.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\classpnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmio.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sisperf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sisperf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspclock.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F174F16

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 40965687
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 40965750 Numsec = 193454730

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85cd7ab8, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85cd78d8, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff859744b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85cd7ab8, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861ae4c8, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85e34030, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e46e50, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d083f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e34030, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e255c0, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85ce8ab8, DeviceName: \Device\Harddisk3\DR13\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8650a578, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d02020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85ce8ab8, DeviceName: \Device\Harddisk3\DR13\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e43030, DeviceName: \Device\0000006e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85e22030, DeviceName: \Device\Harddisk4\DR17\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff859bec60, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85e30690, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e22030, DeviceName: \Device\Harddisk4\DR17\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e29428, DeviceName: \Device\0000006f\, DriverName: \Driver\usbstor\
------------ End ----------
Infected file C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\is45637729\5661153_stp\wajam_validate.exe could not be remediated because backup file is not available
File "C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat" is compressed (flags = 1)
File "C:\Dokumente und Einstellungen\RMM\Cookies\index.dat" is compressed (flags = 1)
File "C:\WINDOWS\SchedLgU.Txt" is compressed (flags = 1)
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.HTML --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.PNG --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.TXT --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.URL --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.HTML --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.PNG --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.TXT --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.URL --> [CryptoWall.Trace]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_XMLLookup --> [Hijacker.XMLLookup]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application --> [Hijacker.Application]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_intl --> [Hijacker.intl]
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{3f4dabe0-8061-4eb3-8ae7-265a4c579700}|ItemData --> [Hijack.SecurityRun]
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{3F4DABE0-8061-4EB3-8AE7-265A4C579700} --> [Hijack.SecurityRun]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|XMLLookup --> [Hijacker.XMLLookup]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application --> [Hijacker.Application]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|intl --> [Hijacker.intl]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Second run - no malware!

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.672000 GHz
Memory total: 1073205248, free: 459825152

Downloaded database version: v2015.04.02.05
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
04/02/2015 22:22:23
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
siside.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sisperf.sys
sisidex.sys
sisagp.sys
Mup.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\sisnic.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\Cap7134.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ctxs51.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\gameenum.sys
\SystemRoot\system32\drivers\msmpu401.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\lgbtbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\lgvmodem.sys
\SystemRoot\system32\DRIVERS\lgbtport.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\PhTVTune.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.04.02.05
rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86788ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8671c978, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff8673e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86788ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff867401b8, DeviceName: \Device\00000058\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86791940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394bus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ndis.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ntfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fltmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipnat.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipnat.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\classpnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmio.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F174F16

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 40965687
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 40965750 Numsec = 193454730

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85cd7ab8, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85cd78d8, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff859744b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85cd7ab8, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861ae4c8, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85e34030, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e46e50, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d083f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e34030, DeviceName: \Device\Harddisk2\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e255c0, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85ce8ab8, DeviceName: \Device\Harddisk3\DR13\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8650a578, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d02020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85ce8ab8, DeviceName: \Device\Harddisk3\DR13\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e43030, DeviceName: \Device\0000006e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85e22030, DeviceName: \Device\Harddisk4\DR17\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff859bec60, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85e30690, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e22030, DeviceName: \Device\Harddisk4\DR17\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e29428, DeviceName: \Device\0000006f\, DriverName: \Driver\usbstor\
------------ End ----------
Infected file C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\is45637729\5661153_stp\wajam_validate.exe could not be remediated because backup file is not available
File "C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat" is compressed (flags = 1)
File "C:\Dokumente und Einstellungen\RMM\Cookies\index.dat" is compressed (flags = 1)
File "C:\WINDOWS\SchedLgU.Txt" is compressed (flags = 1)
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.HTML --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.PNG --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.TXT --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Startmenü\Programme\Autostart\HELP_DECRYPT.URL --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.HTML --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.PNG --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.TXT --> [CryptoWall.Trace]
Infected: C:\Dokumente und Einstellungen\RMM\Desktop\HELP_DECRYPT.URL --> [CryptoWall.Trace]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_XMLLookup --> [Hijacker.XMLLookup]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application --> [Hijacker.Application]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_intl --> [Hijacker.intl]
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{3f4dabe0-8061-4eb3-8ae7-265a4c579700}|ItemData --> [Hijack.SecurityRun]
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{3F4DABE0-8061-4EB3-8AE7-265A4C579700} --> [Hijack.SecurityRun]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|XMLLookup --> [Hijacker.XMLLookup]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application --> [Hijacker.Application]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|intl --> [Hijacker.intl]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.672000 GHz
Memory total: 1073205248, free: 726933504

Downloaded database version: v2015.04.02.06
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
04/03/2015 01:03:14
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.04.02.06
rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86718ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8673bbb8, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff8673d930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86718ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8673f1b0, DeviceName: \Device\00000059\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8673e940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sisperf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sisperf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspclock.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F174F16

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 40965687
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 40965750 Numsec = 193454730

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85daf4b0, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85cc3240, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d5a020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85daf4b0, DeviceName: \Device\Harddisk1\DR12\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff864ef570, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85d98030, DeviceName: \Device\Harddisk2\DR13\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86583d88, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85d18e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85d98030, DeviceName: \Device\Harddisk2\DR13\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e30d70, DeviceName: \Device\0000006e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85d41428, DeviceName: \Device\Harddisk3\DR18\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86584020, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85e32020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85d41428, DeviceName: \Device\Harddisk3\DR18\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e30520, DeviceName: \Device\0000006f\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff859d7428, DeviceName: \Device\Harddisk4\DR16\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8658d620, DeviceName: Unknown, DriverName: \Driver\sisperf\
DevicePointer: 0xffffffff85df9e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff859d7428, DeviceName: \Device\Harddisk4\DR16\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e2e5c8, DeviceName: \Device\00000070\, DriverName: \Driver\usbstor\
------------ End ----------
Infected file C:\Dokumente und Einstellungen\RMM\Lokale Einstellungen\Temp\is45637729\5661153_stp\wajam_validate.exe could not be remediated because backup file is not available
File "C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat" is compressed (flags = 1)
File "C:\Dokumente und Einstellungen\RMM\IETldCache\index.dat" is compressed (flags = 1)
File "C:\Dokumente und Einstellungen\RMM\Cookies\index.dat" is compressed (flags = 1)
File "C:\WINDOWS\SchedLgU.Txt" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished


Alt 03.04.2015, 04:14   #6
Roland500sel
TDSSkiller - no threats found


02:16:53.0034 0x098c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
02:17:03.0089 0x098c ============================================================
02:17:03.0089 0x098c Current date / time: 2015/04/03 02:17:03.0089
02:17:03.0089 0x098c SystemInfo:
02:17:03.0089 0x098c
02:17:03.0089 0x098c OS Version: 5.1.2600 ServicePack: 3.0
02:17:03.0089 0x098c Product type: Workstation
02:17:03.0089 0x098c ComputerName: RMM-NUNFDW5LN3A
02:17:03.0089 0x098c UserName: RMM
02:17:03.0089 0x098c Windows directory: C:\WINDOWS
02:17:03.0089 0x098c System windows directory: C:\WINDOWS
02:17:03.0089 0x098c Processor architecture: Intel x86
02:17:03.0089 0x098c Number of processors: 1
02:17:03.0089 0x098c Page size: 0x1000
02:17:03.0089 0x098c Boot type: Normal boot
02:17:03.0089 0x098c ============================================================
02:17:14.0135 0x098c KLMD registered as C:\WINDOWS\system32\drivers\75130887.sys
02:17:15.0457 0x098c System UUID: {0396C8A0-C64C-DD06-5293-97DF3F2CA9CE}
02:17:19.0132 0x098c Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:17:19.0192 0x098c ============================================================
02:17:19.0192 0x098c \Device\Harddisk0\DR0:
02:17:19.0222 0x098c MBR partitions:
02:17:19.0222 0x098c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
02:17:19.0232 0x098c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x387CD68
02:17:19.0242 0x098c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5F8E45C, BlocksNum 0x80014A4
02:17:19.0242 0x098c ============================================================
02:17:19.0322 0x098c C: <-> \Device\Harddisk0\DR0\Partition1
02:17:19.0402 0x098c D: <-> \Device\Harddisk0\DR0\Partition3
02:17:19.0432 0x098c E: <-> \Device\Harddisk0\DR0\Partition2
02:17:19.0462 0x098c ============================================================
02:17:19.0462 0x098c Initialize success
02:17:19.0462 0x098c ============================================================
02:18:32.0327 0x0e9c ============================================================
02:18:32.0327 0x0e9c Scan started
02:18:32.0327 0x0e9c Mode: Manual; SigCheck; TDLFS;
02:18:32.0327 0x0e9c ============================================================
02:18:32.0327 0x0e9c KSN ping started
02:18:35.0322 0x0e9c KSN ping finished: true
02:18:35.0782 0x0e9c ================ Scan system memory ========================
02:18:35.0782 0x0e9c System memory - ok
02:18:35.0792 0x0e9c ================ Scan services =============================
02:18:35.0912 0x0e9c Abiosdsk - ok
02:18:35.0922 0x0e9c abp480n5 - ok
02:18:35.0972 0x0e9c [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:18:37.0455 0x0e9c ACPI - ok
02:18:37.0505 0x0e9c [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:18:37.0675 0x0e9c ACPIEC - ok
02:18:37.0765 0x0e9c [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:18:37.0805 0x0e9c AdobeFlashPlayerUpdateSvc - ok
02:18:37.0825 0x0e9c adpu160m - ok
02:18:37.0865 0x0e9c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:18:38.0055 0x0e9c aec - ok
02:18:38.0096 0x0e9c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:18:38.0156 0x0e9c AFD - ok
02:18:38.0166 0x0e9c Aha154x - ok
02:18:38.0186 0x0e9c aic78u2 - ok
02:18:38.0196 0x0e9c aic78xx - ok
02:18:38.0576 0x0e9c [ DD8520280304B6145A6BE31008748C7C, 4007EAA97E501492E450241338759337EF05E4F5C61AA05FF4BA3CFAD036B0D9 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:18:39.0578 0x0e9c ALCXWDM - ok
02:18:39.0628 0x0e9c [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:18:39.0828 0x0e9c Alerter - ok
02:18:39.0848 0x0e9c [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe
02:18:40.0018 0x0e9c ALG - ok
02:18:40.0028 0x0e9c AliIde - ok
02:18:40.0048 0x0e9c amsint - ok
02:18:40.0088 0x0e9c [ 3E59DF4984FBD6800D6621480B38A34E, 6C90F01CE8AB8A7DFD9FA07DF670EAF138BCEBF9E04A4DE2C06DFC6311121E4E ] Andbus C:\WINDOWS\system32\DRIVERS\lgandbus.sys
02:18:40.0199 0x0e9c Andbus - ok
02:18:40.0229 0x0e9c [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56, 0F6705D872DA81AA0E3CE88C6A4690006157F7904DF82B9FA985BE2FD10D64B3 ] AndDiag C:\WINDOWS\system32\DRIVERS\lganddiag.sys
02:18:40.0269 0x0e9c AndDiag - ok
02:18:40.0319 0x0e9c [ 1D2C90E25483363D54B652898BBC8F2A, F8361DA10CF0DC30AA2BA2A31D92167E6FBEA83854FFF7210664233C256D51E0 ] AndGps C:\WINDOWS\system32\DRIVERS\lgandgps.sys
02:18:40.0349 0x0e9c AndGps - ok
02:18:40.0389 0x0e9c [ B1B06A95DA2CAC7FA19832C60C348C85, C768070EC4F7486901FA459AD92FDDBA63DC4C3A6DFD73C100D3EE4377ABD137 ] ANDModem C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
02:18:40.0429 0x0e9c ANDModem - ok
02:18:40.0449 0x0e9c androidusb - ok
02:18:40.0579 0x0e9c [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
02:18:40.0679 0x0e9c AntiVirSchedulerService - ok
02:18:40.0799 0x0e9c [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
02:18:40.0950 0x0e9c AntiVirService - ok
02:18:40.0970 0x0e9c AppMgmt - ok
02:18:41.0000 0x0e9c [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:18:41.0180 0x0e9c Arp1394 - ok
02:18:41.0200 0x0e9c asc - ok
02:18:41.0210 0x0e9c asc3350p - ok
02:18:41.0230 0x0e9c asc3550 - ok
02:18:41.0310 0x0e9c [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:18:41.0330 0x0e9c aspnet_state - ok
02:18:41.0370 0x0e9c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:18:41.0621 0x0e9c AsyncMac - ok
02:18:41.0671 0x0e9c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:18:41.0841 0x0e9c atapi - ok
02:18:41.0851 0x0e9c Atdisk - ok
02:18:41.0881 0x0e9c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:18:42.0061 0x0e9c Atmarpc - ok
02:18:42.0111 0x0e9c [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:18:42.0332 0x0e9c AudioSrv - ok
02:18:42.0372 0x0e9c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:18:42.0582 0x0e9c audstub - ok
02:18:42.0622 0x0e9c [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
02:18:42.0642 0x0e9c avgntflt - ok
02:18:42.0692 0x0e9c [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
02:18:42.0722 0x0e9c avipbb - ok
02:18:42.0792 0x0e9c [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
02:18:42.0822 0x0e9c Avira.OE.ServiceHost - ok
02:18:42.0862 0x0e9c [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
02:18:42.0892 0x0e9c avkmgr - ok
02:18:42.0932 0x0e9c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:18:43.0163 0x0e9c Beep - ok
02:18:43.0223 0x0e9c [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll
02:18:43.0523 0x0e9c BITS - ok
02:18:43.0563 0x0e9c [ B71549F23736ADF83A571061C47777FD, A1D0320736EE777030A543DCA086367EB5A5B6F95088B9C22D8E09326C3A39A9 ] Browser C:\WINDOWS\System32\browser.dll
02:18:43.0623 0x0e9c Browser - ok
02:18:43.0674 0x0e9c [ FDFE848C821F0666C4507A11717146C2, F8806F8DC1C97CF3BA6DFA3F515D08418433A72A83C2D06C1F3966B2DF0BEFF4 ] Cap7134 C:\WINDOWS\system32\DRIVERS\Cap7134.sys
02:18:43.0754 0x0e9c Cap7134 - ok
02:18:43.0784 0x0e9c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:18:44.0495 0x0e9c cbidf2k - ok
02:18:44.0535 0x0e9c [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:18:44.0735 0x0e9c CCDECODE - ok
02:18:44.0745 0x0e9c cd20xrnt - ok
02:18:44.0785 0x0e9c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:18:44.0975 0x0e9c Cdaudio - ok
02:18:45.0005 0x0e9c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:18:45.0186 0x0e9c Cdfs - ok
02:18:45.0206 0x0e9c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:18:45.0777 0x0e9c Cdrom - ok
02:18:45.0787 0x0e9c Changer - ok
02:18:45.0827 0x0e9c [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] cisvc C:\WINDOWS\system32\cisvc.exe
02:18:45.0987 0x0e9c cisvc - ok
02:18:46.0017 0x0e9c [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:18:46.0177 0x0e9c ClipSrv - ok
02:18:46.0207 0x0e9c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:18:46.0237 0x0e9c clr_optimization_v2.0.50727_32 - ok
02:18:46.0247 0x0e9c CltMngSvc - ok
02:18:46.0257 0x0e9c CmdIde - ok
02:18:46.0277 0x0e9c COMSysApp - ok
02:18:46.0307 0x0e9c Cpqarray - ok
02:18:46.0347 0x0e9c [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:18:46.0528 0x0e9c CryptSvc - ok
02:18:46.0528 0x0e9c dac2w2k - ok
02:18:46.0548 0x0e9c dac960nt - ok
02:18:46.0618 0x0e9c [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:18:46.0718 0x0e9c DcomLaunch - ok
02:18:46.0788 0x0e9c [ EDE77ED190F62AE4508AE7C04B4DB5E8, CFD80154827900903A13975D78EBE4839DB2CB84908E56BC2DDBC0AC082A43D3 ] DeviceMonitorService C:\Programme\Motorola Media Link\Lite\NServiceEntry.exe
02:18:46.0808 0x0e9c DeviceMonitorService - ok
02:18:46.0848 0x0e9c [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:18:47.0038 0x0e9c Dhcp - ok
02:18:47.0068 0x0e9c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:18:47.0229 0x0e9c Disk - ok
02:18:47.0239 0x0e9c dmadmin - ok
02:18:47.0299 0x0e9c [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:18:47.0529 0x0e9c dmboot - ok
02:18:47.0579 0x0e9c [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:18:47.0729 0x0e9c dmio - ok
02:18:47.0759 0x0e9c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:18:47.0930 0x0e9c dmload - ok
02:18:47.0970 0x0e9c [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:18:48.0130 0x0e9c dmserver - ok
02:18:48.0160 0x0e9c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:18:48.0320 0x0e9c DMusic - ok
02:18:48.0350 0x0e9c [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:18:48.0400 0x0e9c Dnscache - ok
02:18:48.0450 0x0e9c [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:18:48.0621 0x0e9c Dot3svc - ok
02:18:48.0621 0x0e9c dpti2o - ok
02:18:48.0651 0x0e9c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:18:48.0811 0x0e9c drmkaud - ok
02:18:48.0861 0x0e9c [ 00C161B3D20AE0F9C7C3C0EB53AB7155, 38FE83B482FA580B292F7DFC8B372C78AECD6FF53EC41EB7BF4A2461827CDD64 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
02:18:48.0911 0x0e9c dtsoftbus01 - detected UnsignedFile.Multi.Generic ( 1 )
02:18:51.0585 0x0e9c Detect skipped due to KSN trusted
02:18:51.0585 0x0e9c dtsoftbus01 - ok
02:18:51.0605 0x0e9c [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:18:51.0755 0x0e9c EapHost - ok
02:18:51.0785 0x0e9c [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:18:51.0925 0x0e9c ERSvc - ok
02:18:52.0006 0x0e9c [ 881419B3D7BF48E53249FF16B00F976F, 361885BC47A545C41F300AE188E1C321B4756E0BD3D845CD840067838E6C60B6 ] esgiguard C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys
02:18:52.0026 0x0e9c esgiguard - ok
02:18:52.0076 0x0e9c [ 01CE484FF6D70A39479BC6D619DE7ED6, E3ABCB9FF8844148119630E2B9B8456FA8706AB8C947986EB040B7A921C16EFE ] EsgScanner C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
02:18:52.0096 0x0e9c EsgScanner - ok
02:18:52.0126 0x0e9c [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe
02:18:52.0186 0x0e9c Eventlog - ok
02:18:52.0236 0x0e9c [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\System32\es.dll
02:18:52.0296 0x0e9c EventSystem - ok
02:18:52.0336 0x0e9c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:18:52.0506 0x0e9c Fastfat - ok
02:18:52.0546 0x0e9c [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:18:52.0616 0x0e9c FastUserSwitchingCompatibility - ok
02:18:52.0636 0x0e9c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
02:18:52.0787 0x0e9c Fdc - ok
02:18:52.0827 0x0e9c [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:18:52.0977 0x0e9c Fips - ok
02:18:53.0007 0x0e9c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:18:53.0177 0x0e9c Flpydisk - ok
02:18:53.0207 0x0e9c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:18:53.0367 0x0e9c FltMgr - ok
02:18:53.0438 0x0e9c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:18:53.0458 0x0e9c FontCache3.0.0.0 - ok
02:18:53.0478 0x0e9c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:18:53.0658 0x0e9c Fs_Rec - ok
02:18:53.0698 0x0e9c [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:18:53.0888 0x0e9c Ftdisk - ok
02:18:53.0908 0x0e9c [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:18:54.0058 0x0e9c gameenum - ok
02:18:54.0099 0x0e9c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:18:54.0249 0x0e9c Gpc - ok
02:18:54.0319 0x0e9c gupdate - ok
02:18:54.0329 0x0e9c gupdatem - ok
02:18:54.0369 0x0e9c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
02:18:54.0399 0x0e9c gusvc - ok
02:18:54.0449 0x0e9c [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:18:54.0609 0x0e9c helpsvc - ok
02:18:54.0639 0x0e9c [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll
02:18:54.0820 0x0e9c HidServ - ok
02:18:54.0850 0x0e9c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:18:55.0040 0x0e9c hidusb - ok
02:18:55.0070 0x0e9c [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:18:55.0230 0x0e9c hkmsvc - ok
02:18:55.0250 0x0e9c hpn - ok
02:18:55.0260 0x0e9c hpt3xx - ok
02:18:55.0320 0x0e9c [ 0205764933EBE09B2C0BCBFC005ED939, F853493615D21883303EC5A2F6627A9A63E69CB4528BF4589E7EFD432248449A ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
02:18:55.0380 0x0e9c HSFHWBS2 - ok
02:18:55.0471 0x0e9c [ 275A0371ADDE24B09AF838D006340F67, 0821EFB997170C9CEE0E535270E4B20066C15A0AF55B491860A54978CB918A69 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
02:18:55.0621 0x0e9c HSF_DPV - ok
02:18:55.0671 0x0e9c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:18:55.0721 0x0e9c HTTP - ok
02:18:55.0771 0x0e9c [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:18:55.0941 0x0e9c HTTPFilter - ok
02:18:55.0951 0x0e9c i2omgmt - ok
02:18:55.0971 0x0e9c i2omp - ok
02:18:56.0001 0x0e9c [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:18:56.0162 0x0e9c i8042prt - ok
02:18:56.0242 0x0e9c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:18:56.0362 0x0e9c idsvc - ok
02:18:56.0402 0x0e9c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:18:56.0562 0x0e9c Imapi - ok
02:18:56.0602 0x0e9c [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\System32\imapi.exe
02:18:56.0762 0x0e9c ImapiService - ok
02:18:56.0782 0x0e9c ini910u - ok
02:18:56.0802 0x0e9c IntelIde - ok
02:18:56.0842 0x0e9c [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:18:56.0993 0x0e9c intelppm - ok
02:18:57.0063 0x0e9c [ CB5C2935491F0F998F1B62BFFA258464, A26B68132B8228B75F9304B87568EF2812A776847EE2036ECBE0182A3EA959FC ] Intels51 C:\WINDOWS\system32\DRIVERS\ctxs51.sys
02:18:57.0173 0x0e9c Intels51 - ok
02:18:57.0223 0x0e9c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:18:57.0393 0x0e9c ip6fw - ok
02:18:57.0423 0x0e9c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:18:57.0604 0x0e9c IpFilterDriver - ok
02:18:57.0624 0x0e9c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:18:57.0774 0x0e9c IpInIp - ok
02:18:57.0814 0x0e9c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:18:57.0974 0x0e9c IpNat - ok
02:18:57.0994 0x0e9c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:18:58.0164 0x0e9c IPSec - ok
02:18:58.0184 0x0e9c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:18:58.0335 0x0e9c IRENUM - ok
02:18:58.0355 0x0e9c [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:18:58.0525 0x0e9c isapnp - ok
02:18:58.0625 0x0e9c [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
02:18:58.0655 0x0e9c JavaQuickStarterService - ok
02:18:58.0695 0x0e9c [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:18:58.0845 0x0e9c Kbdclass - ok
02:18:58.0865 0x0e9c [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:18:59.0016 0x0e9c kbdhid - ok
02:18:59.0046 0x0e9c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:18:59.0206 0x0e9c kmixer - ok
02:18:59.0236 0x0e9c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:18:59.0296 0x0e9c KSecDD - ok
02:18:59.0346 0x0e9c [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:18:59.0416 0x0e9c lanmanserver - ok
02:18:59.0456 0x0e9c Lbd - ok
02:18:59.0466 0x0e9c lbrtfdc - ok
02:18:59.0526 0x0e9c [ 027D03D9D8AB95194A115A999E960AC0, F21DAAEC63CAB4BC9EC101EC8D018BB3C5DDFA70A46CC10A454DB7BEB2AB878B ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
02:18:59.0637 0x0e9c LexBceS - ok
02:18:59.0667 0x0e9c [ 4DD47B5AF0B24871EBB9EFC012A7474E, D35F979787C6B6654D5D6E4D0C1433FCB7B3FF9512B03330B3ADB8F052314296 ] LgBttPort C:\WINDOWS\system32\DRIVERS\lgbtport.sys
02:18:59.0707 0x0e9c LgBttPort - ok
02:18:59.0737 0x0e9c [ 1D038CA6C529203087A990E5E97887B4, 71C6FF0AC29C61513A9AB64DF43AD4360116C91204DD69BA2B0CBAA3E26FB436 ] lgbusenum C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
02:18:59.0767 0x0e9c lgbusenum - ok
02:18:59.0807 0x0e9c [ 26F1976A330195D62A6224C76968CF0D, C47B9F2B52D1721543481E213281487E76694C1C5485432DDC35D01DCE8B8E4D ] LGVMODEM C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
02:18:59.0837 0x0e9c LGVMODEM - ok
02:18:59.0877 0x0e9c [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:19:00.0027 0x0e9c LmHosts - ok
02:19:00.0067 0x0e9c [ 2C137B8C4F4076FDFFBB81E23EC99248, 55952CD3723C3E957E809C1DAD5C5A52F368AE32FBE0A1B12699E5251E74B806 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
02:19:00.0087 0x0e9c mbamchameleon - ok
02:19:00.0127 0x0e9c [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
02:19:00.0147 0x0e9c mdmxsdk - ok
02:19:00.0187 0x0e9c [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:19:00.0338 0x0e9c Messenger - ok
02:19:00.0378 0x0e9c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:19:00.0558 0x0e9c mnmdd - ok
02:19:00.0598 0x0e9c [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
02:19:00.0738 0x0e9c mnmsrvc - ok
02:19:00.0778 0x0e9c [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:19:00.0928 0x0e9c Modem - ok
02:19:00.0958 0x0e9c [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:19:01.0119 0x0e9c MODEMCSA - ok
02:19:01.0149 0x0e9c [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:19:01.0309 0x0e9c Mouclass - ok
02:19:01.0329 0x0e9c [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:19:01.0499 0x0e9c mouhid - ok
02:19:01.0529 0x0e9c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:19:01.0679 0x0e9c MountMgr - ok
02:19:01.0730 0x0e9c [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
02:19:01.0770 0x0e9c MozillaMaintenance - detected UnsignedFile.Multi.Generic ( 1 )
02:19:04.0383 0x0e9c Detect skipped due to KSN trusted
02:19:04.0383 0x0e9c MozillaMaintenance - ok
02:19:04.0393 0x0e9c mraid35x - ok
02:19:04.0433 0x0e9c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:19:04.0594 0x0e9c MRxDAV - ok
02:19:04.0654 0x0e9c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:19:04.0754 0x0e9c MRxSmb - ok
02:19:04.0784 0x0e9c [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\System32\msdtc.exe
02:19:04.0944 0x0e9c MSDTC - ok
02:19:04.0964 0x0e9c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:19:05.0144 0x0e9c Msfs - ok
02:19:05.0164 0x0e9c MSIServer - ok
02:19:05.0205 0x0e9c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:19:05.0405 0x0e9c MSKSSRV - ok
02:19:05.0415 0x0e9c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:19:05.0575 0x0e9c MSPCLOCK - ok
02:19:05.0585 0x0e9c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:19:05.0745 0x0e9c MSPQM - ok
02:19:05.0765 0x0e9c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:19:05.0926 0x0e9c mssmbios - ok
02:19:05.0956 0x0e9c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:19:06.0106 0x0e9c MSTEE - ok
02:19:06.0126 0x0e9c [ CA3E22598F411199ADC2DFEE76CD0AE0, 73ACE780A198467657CD2AF6019F0FC753B4FC6D26A9D6477C88C5396273F77C ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
02:19:06.0286 0x0e9c ms_mpu401 - ok
02:19:06.0326 0x0e9c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:19:06.0366 0x0e9c Mup - ok
02:19:06.0406 0x0e9c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:19:06.0566 0x0e9c NABTSFEC - ok
02:19:06.0617 0x0e9c [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:19:06.0787 0x0e9c napagent - ok
02:19:06.0927 0x0e9c [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate C:\Programme\Nero\Update\NASvc.exe
02:19:07.0007 0x0e9c NAUpdate - ok
02:19:07.0057 0x0e9c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:19:07.0227 0x0e9c NDIS - ok
02:19:07.0267 0x0e9c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:19:07.0418 0x0e9c NdisIP - ok
02:19:07.0468 0x0e9c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:19:07.0518 0x0e9c NdisTapi - ok
02:19:07.0538 0x0e9c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:19:07.0688 0x0e9c Ndisuio - ok
02:19:07.0718 0x0e9c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:19:07.0878 0x0e9c NdisWan - ok
02:19:07.0908 0x0e9c [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:19:07.0938 0x0e9c NDProxy - ok
02:19:07.0978 0x0e9c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:19:08.0129 0x0e9c NetBIOS - ok
02:19:08.0169 0x0e9c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:19:08.0319 0x0e9c NetBT - ok
02:19:08.0359 0x0e9c [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe
02:19:08.0539 0x0e9c NetDDE - ok
02:19:08.0559 0x0e9c [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:19:08.0710 0x0e9c NetDDEdsdm - ok
02:19:08.0740 0x0e9c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\System32\lsass.exe
02:19:08.0890 0x0e9c Netlogon - ok
02:19:08.0930 0x0e9c [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll
02:19:09.0100 0x0e9c Netman - ok
02:19:09.0150 0x0e9c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:19:09.0180 0x0e9c NetTcpPortSharing - ok
02:19:09.0200 0x0e9c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:19:09.0350 0x0e9c NIC1394 - ok
02:19:09.0451 0x0e9c [ 13DCC5AF4FE51B3AB8B0422E9BAA55AC, 4D89A5AB19B64D3A746D6B576AAE94DB6C18FC86DAB697B61CC5DFE6A3E5BACE ] NitroReaderDriverReadSpool3 C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
02:19:09.0481 0x0e9c NitroReaderDriverReadSpool3 - ok
02:19:09.0531 0x0e9c [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll
02:19:09.0581 0x0e9c Nla - ok
02:19:09.0631 0x0e9c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:19:09.0771 0x0e9c Npfs - ok
02:19:09.0841 0x0e9c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:19:10.0051 0x0e9c Ntfs - ok
02:19:10.0082 0x0e9c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
02:19:10.0222 0x0e9c NtLmSsp - ok
02:19:10.0282 0x0e9c [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:19:10.0492 0x0e9c NtmsSvc - ok
02:19:10.0522 0x0e9c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
02:19:10.0692 0x0e9c Null - ok
02:19:10.0863 0x0e9c [ 74544FECA4C7BC42D377FEDAFA18013D, EA88D854B5334FE5BEBE9FBA953FB3C41C112269CE933FF3BBC65F7953982914 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:19:11.0353 0x0e9c nv - ok
02:19:11.0413 0x0e9c [ B55559BBFCE2E9B1FBA44687D5F8ADDC, 44FFE4E9D560008E2370D5B5D48D5B758F58D778AB701267B71979CF350AB823 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
02:19:11.0474 0x0e9c NVSvc - ok
02:19:11.0504 0x0e9c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:19:11.0654 0x0e9c NwlnkFlt - ok
02:19:11.0674 0x0e9c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:19:11.0844 0x0e9c NwlnkFwd - ok
02:19:11.0864 0x0e9c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:19:12.0014 0x0e9c ohci1394 - ok
02:19:12.0064 0x0e9c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
02:19:12.0094 0x0e9c ose - ok
02:19:12.0104 0x0e9c [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:19:12.0265 0x0e9c Parport - ok
02:19:12.0295 0x0e9c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:19:12.0435 0x0e9c PartMgr - ok
02:19:12.0475 0x0e9c [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:19:12.0635 0x0e9c ParVdm - ok
02:19:12.0665 0x0e9c [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:19:12.0825 0x0e9c PCI - ok
02:19:12.0835 0x0e9c PCIDump - ok
02:19:12.0866 0x0e9c [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:19:13.0016 0x0e9c PCIIde - ok
02:19:13.0046 0x0e9c [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:19:13.0206 0x0e9c Pcmcia - ok
02:19:13.0216 0x0e9c PDCOMP - ok
02:19:13.0226 0x0e9c PDFRAME - ok
02:19:13.0246 0x0e9c PDRELI - ok
02:19:13.0256 0x0e9c PDRFRAME - ok
02:19:13.0266 0x0e9c perc2 - ok
02:19:13.0286 0x0e9c perc2hib - ok
02:19:13.0346 0x0e9c [ 94E7F6107C70251059AE4D01B1D76124, 703F4D8FE75DE817D9D6A0ABF3CDCB701C0908820E183331D8C739B6C09E1B3A ] PhTVTune C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
02:19:13.0396 0x0e9c PhTVTune - ok
02:19:13.0426 0x0e9c [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe
02:19:13.0476 0x0e9c PlugPlay - ok
02:19:13.0496 0x0e9c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
02:19:13.0637 0x0e9c PolicyAgent - ok
02:19:13.0677 0x0e9c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:19:13.0827 0x0e9c PptpMiniport - ok
02:19:13.0857 0x0e9c [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
02:19:14.0017 0x0e9c Processor - ok
02:19:14.0017 0x0e9c Prosieben - ok
02:19:14.0047 0x0e9c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:19:14.0187 0x0e9c ProtectedStorage - ok
02:19:14.0217 0x0e9c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:19:14.0378 0x0e9c PSched - ok
02:19:14.0408 0x0e9c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:19:14.0568 0x0e9c Ptilink - ok
02:19:14.0608 0x0e9c [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:19:14.0628 0x0e9c PxHelp20 - ok
02:19:14.0638 0x0e9c ql1080 - ok
02:19:14.0648 0x0e9c Ql10wnt - ok
02:19:14.0668 0x0e9c ql12160 - ok
02:19:14.0678 0x0e9c ql1240 - ok
02:19:14.0688 0x0e9c ql1280 - ok
02:19:14.0738 0x0e9c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:19:14.0888 0x0e9c RasAcd - ok
02:19:14.0928 0x0e9c [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:19:15.0089 0x0e9c RasAuto - ok
02:19:15.0119 0x0e9c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:19:15.0289 0x0e9c Rasl2tp - ok
02:19:15.0329 0x0e9c [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:19:15.0569 0x0e9c RasMan - ok
02:19:15.0589 0x0e9c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:19:15.0740 0x0e9c RasPppoe - ok
02:19:15.0760 0x0e9c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:19:15.0900 0x0e9c Raspti - ok
02:19:15.0930 0x0e9c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:19:16.0090 0x0e9c Rdbss - ok
02:19:16.0120 0x0e9c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:19:16.0270 0x0e9c RDPCDD - ok
02:19:16.0320 0x0e9c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:19:16.0361 0x0e9c RDPWD - ok
02:19:16.0401 0x0e9c [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:19:16.0591 0x0e9c RDSessMgr - ok
02:19:16.0621 0x0e9c [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:19:16.0771 0x0e9c redbook - ok
02:19:16.0801 0x0e9c [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:19:16.0951 0x0e9c RemoteAccess - ok
02:19:16.0971 0x0e9c [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\System32\locator.exe
02:19:17.0132 0x0e9c RpcLocator - ok
02:19:17.0182 0x0e9c [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll
02:19:17.0242 0x0e9c RpcSs - ok
02:19:17.0282 0x0e9c [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\System32\rsvp.exe
02:19:17.0462 0x0e9c RSVP - ok
02:19:17.0482 0x0e9c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe
02:19:17.0632 0x0e9c SamSs - ok
02:19:17.0662 0x0e9c [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:19:17.0833 0x0e9c SCardSvr - ok
02:19:43.0349 0x0e9c Waiting for KSN requests completion. In queue: 2
02:19:44.0351 0x0e9c Waiting for KSN requests completion. In queue: 2
02:19:45.0352 0x0e9c Waiting for KSN requests completion. In queue: 2
02:19:46.0614 0x0e9c AV detected via SS1: Avira Desktop, 15.0.8.652, disabled, updated
02:19:46.0664 0x0e9c Win FW state via NFM: enabled
02:19:49.0118 0x0e9c ============================================================
02:19:49.0118 0x0e9c Scan finished
02:19:49.0118 0x0e9c ============================================================
02:19:49.0138 0x0b18 Detected object count: 0
02:19:49.0138 0x0b18 Actual detected object count: 0

Whatever we have been doing all this time - my data is still encrypted

4:11 a.m., I've had enough! The scans did say that no malware should be present anymore, but the HELP_DECRYPT.HTML, HELP_DECRYPT.PNG and HELP_DECRYPT.TXT files are still sitting in the folders.

Last edited by Roland500sel (03.04.2015 at 02:45)

Old 03.04.2015, 14:46   #7
schrauber
/// the machine
/// TB-Ausbilder

Probably Cryptowall virus on XP machine

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


Please always post logs in code tags. And in case you did not read my post properly:

Decryption is impossible!
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
