Log analysis and evaluation: Win XP: Opened mail attachment .zip - but it was not a zipped file - phishing?
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.09.2014, 18:54 | #1 |
| Win XP: Opened mail attachment .zip - but it was not a zipped file - phishing?

Hello,

yesterday I opened the .zip file in a mail: "Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip". However, the zip program was not started. A short message also appeared, roughly: "Changes will only take effect after a restart".

I am afraid that there is now a malicious program on the computer.

Many thanks for your help
Tom

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by tom_2 (ATTENTION: The logged in user is not administrator) on LENO on 26-09-2014 18:03:01 Running from C:\Dokumente und Einstellungen\tom_2\Desktop Loaded Profile: tom_2 (Available profiles: tom & tom_2 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) E:\Programme_Tom\avast\AvastSvc.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe (Oracle Corporation) E:\Programme_Tom\Java\jre7\bin\jqs.exe (Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVAST Software) E:\Programme_Tom\avast\avastui.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (SlySoft, Inc.) E:\Programme_Tom\CloneCD\CloneCDTray.exe (Safer-Networking Ltd.) 
C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RotateImage] => C:\Programme\RotateImage\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.) HKLM\...\Run: [StartCCC] => C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AvastUI.exe] => E:\Programme_Tom\avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [CloneCDTray] => E:\Programme_Tom\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.) HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk ShortcutTarget: Winsol_Autostart.lnk -> C:\Programme\Technische Alternative_temp\Winsol\Winsol.exe (Technische Alternative GmbH) Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Programme\MyPC Backup\MyPC Backup.exe (No File) Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme_Tom\avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme_Tom\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme_Tom\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL 
(Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1&systemid=413&v=a9397-124&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=2281384138734685&o=APN10649&q= FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.l
ast.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*'))%20%7B%20return%20'PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @garmin.com/GpsControl -> C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Programme_Tom\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\youtubeunblocker@unblocker.yt [2014-08-10] FF Extension: Tradesignal Online Chart - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-04] FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09] FF 
Extension: Ghostery - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\firefox@ghostery.com.xpi [2014-01-12] FF Extension: TrackMeNot - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-01-12] FF Extension: Youtube and more - Easy Video Downloader - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\vdpure@link64.xpi [2014-03-23] FF Extension: ProxTube - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-08-10] FF Extension: Readability - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2014-01-12] FF Extension: NoScript - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-12] FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12] FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-12] FF Extension: Greasemonkey - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-12] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme_Tom\avast\WebRep\FF FF Extension: avast! 
Online Security - E:\Programme_Tom\avast\WebRep\FF [2014-01-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme_Tom\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "TlntSvr" service could not be unlocked. <===== ATTENTION Locked "WmiApRpl" service could not be unlocked. <===== ATTENTION R2 avast! Antivirus; E:\Programme_Tom\avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software) R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [870672 2011-10-24] (Intel(R) Corporation) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) 
R2 JavaQuickStarterService; E:\Programme_Tom\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation) S3 Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-28] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [481552 2011-10-24] (Intel(R) Corporation) R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [882960 2011-10-24] (Intel(R) Corporation) R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 5U875UVC; C:\WINDOWS\System32\DRIVERS\RCUVCMNP.sys [187776 2009-10-23] (Ricoh co.,Ltd.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-01-11] (Cisco Systems, Inc.) 
[File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-13] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-13] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-13] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2011-09-20] (Conexant Systems Inc.) R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [250584 2011-10-20] (Intel Corporation) R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-09] (GARMIN Corp.) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7476864 2011-10-31] (Intel Corporation) S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated) S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 18:03 - 2014-09-26 18:03 - 00020864 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.txt 2014-09-26 18:02 - 2014-09-26 18:03 - 00000000 ____D () C:\FRST 2014-09-26 18:01 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.exe 2014-09-25 17:25 - 2014-09-26 17:40 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-09-25 17:25 - 2014-09-25 17:25 - 00001806 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00001800 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 2014-09-25 17:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2014-09-25 17:24 - 2014-09-25 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2014-09-25 17:24 - 2014-09-25 17:27 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-09-25 16:33 - 2014-09-25 16:34 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-09-25 14:58 - 2014-09-25 14:58 - 00048482 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip 2014-09-04 21:42 - 
2014-09-04 21:43 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\mona_spain2014 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 18:03 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp 2014-09-26 17:47 - 2014-01-11 21:47 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-09-26 17:47 - 2014-01-09 20:20 - 00000000 ___RD () C:\Programme 2014-09-26 17:46 - 2014-01-09 21:05 - 00359993 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-26 17:42 - 2014-06-28 13:11 - 00000530 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job 2014-09-26 17:40 - 2014-07-25 19:15 - 00000041 ___SH () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib 2014-09-26 17:40 - 2014-01-09 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-26 17:39 - 2014-01-12 19:13 - 00000334 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-09-26 17:39 - 2014-01-11 22:55 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-26 17:39 - 2014-01-09 21:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-26 17:39 - 2014-01-09 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-26 17:39 - 2014-01-09 20:18 - 00295664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-26 17:39 - 2001-08-18 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-25 17:30 - 2014-01-11 22:55 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-25 17:27 - 2014-01-09 21:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService 2014-09-25 17:25 - 2014-01-09 20:20 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-09-20 19:55 - 2014-06-15 14:27 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\vlc 2014-09-16 22:30 - 2014-01-09 21:10 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-16 18:01 - 2014-01-20 17:50 - 00451534 _____ () C:\WINDOWS\setupapi.log 2014-09-14 19:35 - 2014-01-13 21:04 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\vertrag 2014-09-13 23:16 - 2014-01-12 22:23 - 00000868 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Winsol.lnk 2014-09-13 22:18 - 2014-01-12 11:10 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom_2\ntuser.ini 2014-09-13 22:18 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2 2014-09-01 18:26 - 2014-08-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\Bogenschießen pcad4 Some content of TEMP: ==================== C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\BackupSetup.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\f.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\fp_pl_pfs_installer.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\JDSetup130502788374062500.exe C:\Dokumente und 
Einstellungen\tom_2\Lokale Einstellungen\Temp\nsb10A5.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsd109F.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh109C.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh1FA.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsi1FD.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsk10A2.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsm203.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsp200.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\PreExe_ID_13667.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\ReimageRepair.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014 Ran by tom_2 at 2014-09-26 18:03:28 Running from C:\Dokumente und Einstellungen\tom_2\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated) ATI Catalyst Install Manager (HKLM\...\{D0DD9271-E741-B7B5-90F7-5A65DAD3C4D0}) (Version: 3.0.790.0 - ATI Technologies, Inc.) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2010.0825.2146.37182 - ATI) Hidden CCC Help Chinese Standard (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Chinese Traditional (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Dutch (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help English (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help French (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help German (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Italian (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Japanese (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Korean (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Portuguese (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Spanish (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Swedish (Version: 2010.0825.2145.37182 - ATI) Hidden ccc-core-static (Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden ccc-utility (Version: 2010.0825.2146.37182 - ATI) Hidden CloneCD (HKLM\...\CloneCD) (Version: - SlySoft) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.64.15.0 - Conexant) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM\...\{D02220CE-1475-4F0F-9F12-251161999D53}) (Version: 6.16.2 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKCU\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft 
Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 
(Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (German) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MultiBit 0.5.16 (HKLM\...\MultiBit 0.5.16) (Version: 0.5.16 - ) Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - ) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera Stable 24.0.1558.64 (HKCU\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Skins (Version: 2010.0825.2146.37182 - ATI) Hidden Spybot - Search & Destroy 
(HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) TA-Designer 1.08 (HKLM\...\TA-Designer_is1) (Version: 1.08 - Technische Alternative GmbH) TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkPad Wireless LAN Adapter Software (HKLM\...\{556B23E2-30FF-4133-98F4-01494446DF2B}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Winsol 2.01 (HKLM\...\Winsol_is1) (Version: 2.01 - Technische Alternative GmbH) XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-08-18 13:00 - 2001-08-18 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ? Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ? 
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job => C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\launcher.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => ? Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => ? ==================== Loaded Modules (whitelisted) ============= 2014-01-12 19:13 - 2014-07-13 19:25 - 00301152 _____ () E:\Programme_Tom\avast\aswProperty.dll 2014-09-26 17:42 - 2014-09-26 17:42 - 02867200 _____ () E:\Programme_Tom\avast\defs\14092600\algo.dll 2014-09-25 17:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-09-25 17:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl 2014-09-25 17:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-25 17:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll 2014-09-25 17:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-12 19:13 - 2014-07-13 19:25 - 19329904 _____ () E:\Programme_Tom\avast\libcef.dll 2012-08-10 17:51 - 2014-01-19 19:14 - 00985088 _____ () C:\Programme\OpenOffice.org 3\program\libxml2.dll 2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll 2010-08-26 18:15 - 2010-08-26 18:15 - 00016384 ____R () C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-25 22:44 - 2010-08-25 22:44 - 00270336 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only 
the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINDOWS:D5FDA57425BD8A82 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-507921405-776561741-1417001333-500 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\Administrator ASPNET (S-1-5-21-507921405-776561741-1417001333-1005 - Enabled - Status: OK) Gast (S-1-5-21-507921405-776561741-1417001333-501 - Disabled - Status: Degraded) Hilfeassistent (S-1-5-21-507921405-776561741-1417001333-1000 - Disabled - Status: Degraded) SUPPORT_388945a0 (S-1-5-21-507921405-776561741-1417001333-1002 - Disabled - Status: Degraded) tom (S-1-5-21-507921405-776561741-1417001333-1003 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom tom_2 (S-1-5-21-507921405-776561741-1417001333-1004 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom_2 ==================== Faulty Device Manager Devices ============= Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: ThinkPad Bluetooth with Enhanced Data Rate II Description: ThinkPad Bluetooth with Enhanced Data Rate II Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Modemgerät auf High Definition Audio-Bus Description: Modemgerät auf High Definition Audio-Bus Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2014 05:40:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (09/14/2014 02:15:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung syntpenh.exe, Version 16.2.19.13, fehlgeschlagenes Modul syntpenh.exe, Version 16.2.19.13, Fehleradresse 0x000a5f72. Das medienspezifische Ereignis für [syntpenh.exe!ws!] wird verarbeitet. Error: (08/15/2014 02:12:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 31.0.0.5310, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (07/23/2014 06:59:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error: (07/19/2014 11:27:05 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. . Error: (06/28/2014 01:10:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: LENO) Description: Produkt: Google SketchUp 8 -- Sie können dieses Produkt nur als Administrator installieren. Error: (06/25/2014 02:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (06/25/2014 02:09:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (06/25/2014 02:08:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (06/01/2014 09:21:20 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. . 
System errors: ============= Error: (09/26/2014 05:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/26/2014 05:39:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error: (09/26/2014 05:39:24 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000001HarddiskVolume2 Error: (09/20/2014 09:01:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz Percentage of memory in use: 27% Total physical RAM: 3065.95 MB Available physical RAM: 2216.35 MB Total Pagefile: 4951.58 MB Available Pagefile: 4164.72 MB Total Virtual: 2047.88 MB Available Virtual: 1948.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:58.59 GB) (Free:13.94 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: () (Fixed) (Total:90.45 GB) (Free:53.54 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-26 19:40:40 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_HTS542516K9SA00 rev.BBCZC3HP 149,05GB Running: Gmer-19357.exe; Driver: C:\DOKUME~1\tom\LOKALE~1\Temp\pxtdapog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAB948BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAB949684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAB98DD80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAB9556F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAB955744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAB9558DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAB98D734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAB955666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAB955788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAB9556AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAB949BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAB955898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAB94A472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAB948C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAB98E446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAB98E6FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAB94DC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAB98E2B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAB98E11C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAB9487F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xABBECED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAB948C72] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAB94E05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAB94AF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAB955722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAB955766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAB955902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAB98DA90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAB95568C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAB94D560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAB955816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAB9556D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAB94D94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAB9558BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xABBECC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAB98DF97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAB94ADCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAB98DDE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAB94A924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xABBFAE1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAB98CD77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAB948CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAB948D3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAB94A2EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAB948892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAB948A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAB98E54D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAB9489F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAB94A63C] 
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAB94A79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAB948AEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAB94A12A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAB94A2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAB948DA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAB9496E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E88 80504714 4 Bytes JMP AAFBDFF6 .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [D8, 8C, 94, AB, 3E, 8D, 94, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [3C, A6, 94, AB, 9E, A7, 94, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL AB94B62B \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FEC000, 0x273B67, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Programme\Intel\WiFi\bin\EvtEng.exe[112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Intel\WiFi\bin\EvtEng.exe[112] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[320] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\OpenOffice.org 3\program\soffice.bin[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\OpenOffice.org 3\program\soffice.bin[512] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[688] 
ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[996] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1548] 
kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\Programme_Tom\Java\jre7\bin\jqs.exe[1888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text E:\Programme_Tom\Java\jre7\bin\jqs.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[1944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\Programme_Tom\avast\AvastSvc.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text E:\Programme_Tom\avast\AvastSvc.exe[1976] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Programme_Tom\avast\AvastSvc.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2456] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\RotateImage\RCIMGDIR.exe[2684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\RotateImage\RCIMGDIR.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2772] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2772] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\Programme_Tom\avast\AvastUI.exe[2780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text E:\Programme_Tom\avast\AvastUI.exe[2780] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Programme_Tom\avast\AvastUI.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\Programme_Tom\CloneCD\CloneCDTray.exe[2908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text E:\Programme_Tom\CloneCD\CloneCDTray.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3188] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3804] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe[3836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] 
kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\OpenOffice.org 3\program\soffice.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 78133 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@LeaseObtainedTime 1411750849 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@T1 1411752649 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@T2 1411753999 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@LeaseTerminatesTime 1411754449 Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@LeaseObtainedTime 1411750849 Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@T1 1411752649 Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@T2 1411753999 Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@LeaseTerminatesTime 1411754449 ---- EOF - GMER 2.1 ---- |
26.09.2014, 19:04 | #2 |
/// the machine /// TB trainer | Win XP: Opened .zip mail attachment - but it was not a zipped file - phishing? Hi,
please scan again; our tools always need admin rights. |
26.09.2014, 21:05 | #3 |
| Win XP: Opened .zip mail attachment - but it was not a zipped file - phishing? Started from the admin desktop:
Since the log files are too long, only FRST.txt and Addition.txt are posted here. All log files (FRST, Addition, Gmer) then together as an attachment.
FRST
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by tom (administrator) on LENO on 26-09-2014 21:04:25 Running from C:\Dokumente und Einstellungen\tom\Desktop Loaded Profiles: tom & tom_2 (Available profiles: tom & tom_2 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) E:\Programme_Tom\avast\AvastSvc.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe (Oracle Corporation) E:\Programme_Tom\Java\jre7\bin\jqs.exe (Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVAST Software) E:\Programme_Tom\avast\avastui.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (SlySoft, Inc.) E:\Programme_Tom\CloneCD\CloneCDTray.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (ATI Technologies Inc.) 
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe (AVAST Software) E:\Programme_Tom\avast\avastui.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RotateImage] => C:\Programme\RotateImage\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.) HKLM\...\Run: [StartCCC] => C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AvastUI.exe] => E:\Programme_Tom\avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [CloneCDTray] => E:\Programme_Tom\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.) HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk ShortcutTarget: Winsol_Autostart.lnk -> C:\Programme\Technische Alternative_temp\Winsol\Winsol.exe (Technische Alternative GmbH) Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Programme\MyPC Backup\MyPC Backup.exe (No File) Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme_Tom\avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme_Tom\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme_Tom\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default FF SearchEngineOrder.1: Amazon FF Homepage: www.google.de FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_39185cd2c735440b8bf0e2bc3b685f0b_39_1007_20140116_DE_ff_ab_&query= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @garmin.com/GpsControl -> C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Programme_Tom\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tradesignal Online Chart - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-02-14] FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-27] FF Extension: Ghostery - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\firefox@ghostery.com.xpi [2014-01-11] FF Extension: TrackMeNot 
- C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-01-11] FF Extension: Readability - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2014-01-11] FF Extension: NoScript - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-11] FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11] FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11] FF Extension: Greasemonkey - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme_Tom\avast\WebRep\FF FF Extension: avast! Online Security - E:\Programme_Tom\avast\WebRep\FF [2014-01-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme_Tom\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; E:\Programme_Tom\avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software) R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [870672 2011-10-24] (Intel(R) Corporation) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) R2 JavaQuickStarterService; E:\Programme_Tom\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation) S3 Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-28] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [481552 2011-10-24] (Intel(R) Corporation) R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [882960 2011-10-24] (Intel(R) Corporation) R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 5U875UVC; C:\WINDOWS\System32\DRIVERS\RCUVCMNP.sys [187776 2009-10-23] (Ricoh co.,Ltd.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-01-11] (Cisco Systems, Inc.) 
[File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-13] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-13] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-13] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2011-09-20] (Conexant Systems Inc.) R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [250584 2011-10-20] (Intel Corporation) R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-09] (GARMIN Corp.) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7476864 2011-10-31] (Intel Corporation) S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated) S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath U3 pxtdapog; \??\C:\DOKUME~1\tom\LOKALE~1\Temp\pxtdapog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 21:02 - 2014-09-26 21:04 - 00017776 _____ () C:\Dokumente und Einstellungen\tom\Desktop\FRST.txt 2014-09-26 21:02 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Gmer-19357.exe 2014-09-26 21:02 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom\Desktop\FRST.exe 2014-09-26 19:40 - 2014-09-26 19:40 - 00026307 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer.txt 2014-09-26 18:38 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe 2014-09-26 18:35 - 2014-09-26 18:35 - 00049698 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Neu Textdokument.txt 2014-09-26 18:03 - 2014-09-26 21:01 - 00002773 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.txt 2014-09-26 18:03 - 2014-09-26 18:03 - 00021970 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Addition.txt 2014-09-26 18:02 - 2014-09-26 21:04 - 00000000 ____D () C:\FRST 2014-09-26 18:01 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.exe 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü\Programme 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü 
2014-09-25 17:25 - 2014-09-26 17:40 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-09-25 17:25 - 2014-09-25 17:25 - 00001806 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00001800 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 2014-09-25 17:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2014-09-25 17:24 - 2014-09-25 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2014-09-25 17:24 - 2014-09-25 17:27 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-09-25 16:33 - 2014-09-25 16:34 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-09-25 14:58 - 2014-09-25 14:58 - 00048482 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip 2014-09-04 21:42 - 2014-09-04 21:43 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\mona_spain2014 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-26 21:04 - 2014-01-09 21:18 - 00000000 ____D () C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp 2014-09-26 21:00 - 2014-01-20 17:00 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2014-09-26 21:00 - 2014-01-20 17:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp 2014-09-26 21:00 - 2014-01-09 21:05 - 00361295 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-26 20:59 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp 2014-09-26 20:30 - 2014-01-11 22:55 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-26 19:43 - 2014-01-09 21:18 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom\ntuser.ini 2014-09-26 19:27 - 2014-01-12 19:13 - 00000334 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-09-26 17:47 - 2014-01-11 21:47 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-09-26 17:47 - 2014-01-09 20:20 - 00000000 ___RD () C:\Programme 2014-09-26 17:42 - 2014-06-28 13:11 - 00000530 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job 2014-09-26 17:40 - 2014-07-25 19:15 - 00000041 ___SH () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib 2014-09-26 17:40 - 2014-01-09 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-26 17:39 - 2014-01-11 22:55 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-26 17:39 - 2014-01-09 21:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-26 17:39 - 2014-01-09 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-26 17:39 - 2014-01-09 20:18 - 00295664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-26 17:39 - 2001-08-18 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-25 17:27 - 2014-01-09 21:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService 2014-09-25 17:25 - 2014-01-09 20:20 - 00000000 ___RD () C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme 2014-09-20 19:55 - 2014-06-15 14:27 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\vlc 2014-09-16 22:30 - 2014-01-09 21:10 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-16 18:01 - 2014-01-20 17:50 - 00451534 _____ () C:\WINDOWS\setupapi.log 2014-09-14 19:35 - 2014-01-13 21:04 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\vertrag 2014-09-13 23:16 - 2014-01-12 22:23 - 00000868 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Winsol.lnk 2014-09-13 22:18 - 2014-01-12 11:10 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom_2\ntuser.ini 2014-09-13 22:18 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2 2014-09-01 18:26 - 2014-08-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\Bogenschießen pcad4 Some content of TEMP: ==================== C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\Bootstrapper.exe C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperARA.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperARU.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperCHS.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperCHT.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperCSY.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperDAN.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperDEU.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperELL.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperENU.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperESN.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperESP.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperFIN.dll C:\Dokumente und Einstellungen\tom\Lokale 
Einstellungen\Temp\BootstrapperFRA.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperHEB.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperHRV.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperHUN.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperITA.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperJPN.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperKOR.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperLOC.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperNLD.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperNOR.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperPLK.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperPTB.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperPTG.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperRUS.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperSKY.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperSLV.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperSVE.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperTHA.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperTRK.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\BootstrapperUKR.dll C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\dotnetfx35setup.exe C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\GarminInstall.exe C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\ose00000.exe C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\Temp\ose00001.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\BackupSetup.exe C:\Dokumente und 
Einstellungen\tom_2\Lokale Einstellungen\Temp\f.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\fp_pl_pfs_installer.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\JDSetup130502788374062500.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsb10A5.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsd109F.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh109C.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh1FA.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsi1FD.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsk10A2.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsm203.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsp200.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\PreExe_ID_13667.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\ReimageRepair.exe C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014 Ran by tom at 2014-09-26 21:04:53 Running from C:\Dokumente und Einstellungen\tom\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated) ATI Catalyst Install Manager (HKLM\...\{D0DD9271-E741-B7B5-90F7-5A65DAD3C4D0}) (Version: 3.0.790.0 - ATI Technologies, Inc.) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.6 - Bitcoin project) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2010.0825.2146.37182 - ATI) Hidden CCC Help Chinese Standard (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Chinese Traditional (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Dutch (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help English (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help French (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help German (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Italian (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Japanese (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Korean (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Portuguese (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Spanish (Version: 2010.0825.2145.37182 - ATI) Hidden CCC Help Swedish (Version: 2010.0825.2145.37182 - ATI) Hidden ccc-core-static (Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden ccc-utility (Version: 2010.0825.2146.37182 - ATI) Hidden CloneCD (HKLM\...\CloneCD) (Version: - SlySoft) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.64.15.0 - Conexant) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM\...\{D02220CE-1475-4F0F-9F12-251161999D53}) (Version: 6.16.2 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language 
Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof 
(French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (German) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MultiBit 0.5.16 (HKLM\...\MultiBit 0.5.16) (Version: 0.5.16 - ) Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - ) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Skins (Version: 2010.0825.2146.37182 - ATI) Hidden Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
TA-Designer 1.08 (HKLM\...\TA-Designer_is1) (Version: 1.08 - Technische Alternative GmbH) TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkPad Wireless LAN Adapter Software (HKLM\...\{556B23E2-30FF-4133-98F4-01494446DF2B}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Winsol 2.01 (HKLM\...\Winsol_is1) (Version: 2.01 - Technische Alternative GmbH) XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{00b0ee2c-59c1-43be-ba76-d9a2a0f13d67}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{012bd195-3e39-43b8-aa5f-3eec93e970e7}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{02975081-fce6-477a-a71f-f80f792b5ca3}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0470cf12-af8c-4e9f-8d90-b5df5bffae4a}\InprocServer32 -> 
C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{05622b83-d5c9-4b3a-80e3-cbe74d577b5e}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{05b02656-ba14-413d-86aa-c0fcfc5b9c06}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{05bf3e13-e003-44b7-9e17-c57377279610}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{05dcd034-3e9b-47dd-b6fa-f0eb4918cc6f}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0a994305-2b1a-4057-a0e0-59261f15aadc}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0b0567e3-73f9-4cce-982d-74628a5a9ebd}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0bbb58db-7f28-46dd-a606-3c69f90cfa89}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0C57F534-B38F-47B9-88E9-9052D8133598}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0E0065CE-F66B-4A7E-9AA2-630CAE4280C0}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{0fb4692d-a642-4a8d-8645-3ebfadc64f12}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1021e753-9c90-4106-bf5a-9b23ffc592a0}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{10f1dca6-7512-47d1-9d13-f0d4a56d26ff}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{12F20937-8629-4fb4-AF78-B98F62887354}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1449ec32-4280-4a42-a5aa-d6df162dcb6c}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{14a26521-c26a-43a6-858c-fadf0435e762}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{14f3e336-e64b-4be4-a2ab-70c00d0fd417}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{153e2ff3-0e7e-429c-9f80-7bbdef0c38df}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{15942cb0-f6c0-4590-95e3-61ef3c0c5c02}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{16f855f3-2b7f-4030-8f83-6e935ef4e02d}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1872b0cb-bb08-4ce4-a11e-5f405392b47b}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{18e64eb8-f0b0-4529-81cd-3e105f78e6bb}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{18e92e10-a6f9-440d-90ec-17db4018bbd7}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1909cade-a60d-4d3f-b7da-a7608f448a24}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{19ecab69-193f-48be-962e-4b5c1c03a0a0}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1c59c0f0-6159-4338-ba1f-233b5bae9439}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1d2953c1-2e83-4876-9c24-13445c330257}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafltso.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{1f7d218c-e4dc-48d2-9856-4dfe1beaa3ea}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2054f758-3079-471e-b9f8-d86e9cdabcc6}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{236bafdd-28d9-49ee-b9d2-45e75d849b49}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{237bc814-510f-4859-98c4-b5dbc94deb8d}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2426a78d-2148-475b-adff-f310da056d1d}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{253afca5-1903-4d1e-a333-c6ea40fb2646}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{281FB083-FBCF-441E-A10D-6988C0510D7A}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2a3d9961-6e65-48f8-8bd4-8c5825582f93}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2a996f89-f686-4f5f-ae4b-200c3ae40eff}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2b2aba1b-43c0-47b3-9fb7-53d9316ce24e}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2b936313-63ed-41a0-aa23-d594f82148ce}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2cd8be61-134a-43f7-a4be-f0cbfc647d3a}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2ceef935-f011-459d-ad59-e06d33c29fd6}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{2ee1b1ff-f119-4334-bf61-0ef45a2e5627}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{30536F12-5AB4-401B-A29E-7A540791DBB3}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{31F52CB0-76DB-49e1-AB10-263BC84BEF30}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3281e363-296c-4fca-b01a-0e1ff7b257d9}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{33461d16-4789-4ce7-a412-21f399ade20e}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{34C14FD4-341D-4C4E-84C8-5A8220D89E8B}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{36398f96-b1a8-4b0f-8cec-78cbf15ae18f}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{390C2C1F-D1AE-4690-B6AD-DAE31D707A10}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{39243e3f-b9b6-47d9-ba72-628ca8355d13}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3a6c42c1-139d-42b2-9c2e-9a6d8944b7a8}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3b7be159-9680-4b8e-8235-de9cfa004549}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3C1282D5-607D-428A-BD9C-A966881763D1}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3c8cc751-5cd7-4f75-87ef-c11845882093}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{3dec6fd2-77f2-4fc0-935f-74ed3bde9768}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{42218562-e3f8-4918-a63b-0757e5ead097}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{42dc7249-0cf2-412a-b036-b1f2dddfa026}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{42F69FFF-1928-4505-BF18-F8B7BA1DA4EE}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{43c51ba0-b5e2-4595-81e7-859e18250092}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{443070d0-0754-49da-8d47-d8bf39689abc}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{4AA11109-6BCB-4EFE-8813-3D3FD64A9D6F}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{4bfe0e36-20f5-4c95-b3ea-7109107921ab}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{4e1a4ad3-4b2d-4fdb-b103-cf45d52f55f7}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{506B7C49-70BB-40C8-B86F-6D2E2C534D13}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{53113c0e-6120-4069-9780-2c1bf90403a6}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{535caa5b-90de-41c8-825a-54bb4d6aa699}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{553b619e-74de-4b0f-9bf1-849635b7b8fa}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{558A2603-7D7B-466C-8695-8326F88076B0}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{567bff96-ff29-4259-b0e5-e44c9146af70}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{5782d2c9-1bc1-41f7-8dd1-0716dfb4ae9e}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{57B7C71B-4DD9-49A2-A63C-06792875C4DD}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{581ce547-68ae-45c8-96a8-c0ed9180bd2b}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{59E0BA74-EC6F-4E27-B184-1FB63E1B6B08}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{59EC2554-75DD-4FCF-B137-FA7A2ACD8630}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{5a7a02c3-f206-4fee-839e-c2e24a3bb246}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{5c2cf47a-0041-4b36-b36a-33590ee74438}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{5c4e953f-8449-40ed-a27a-f7dad261d778}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{5d0b943d-84dd-480d-9ad1-e61655fdf508}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{643f30e5-d854-4aa4-8e38-202bea1d74aa}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{6651ed86-c709-4f71-9a62-279f51ceef82}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{FF12BBD2-1DA6-41C6-B12C-EC6709805865}\InprocServer32 -> C:\Dokumente und 
Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{FFDC998A-64E9-451E-A364-FE19C7EB88E3}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{uuidCAFLSecurityCatalogueGroupTypeRequest}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) CustomCLSID: HKU\S-1-5-21-507921405-776561741-1417001333-1004_Classes\CLSID\{uuidCAFLSecurityCatalogueRequest}\InprocServer32 -> C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH) ==================== Restore Points ========================= 09-06-2014 18:51:20 Systemprüfpunkt 10-06-2014 18:53:17 Systemprüfpunkt 15-06-2014 13:02:36 Installed Garmin MapSource 16-06-2014 19:22:47 Systemprüfpunkt 22-06-2014 18:07:20 Systemprüfpunkt 25-06-2014 01:11:12 Systemprüfpunkt 28-06-2014 11:14:33 SketchUp 2014 wurde entfernt 28-06-2014 11:20:33 Google SketchUp 8 wurde installiert 30-06-2014 16:19:29 Systemprüfpunkt 08-07-2014 19:45:39 Systemprüfpunkt 12-07-2014 08:29:57 Systemprüfpunkt 13-07-2014 17:25:09 avast! antivirus system restore point 20-07-2014 13:05:07 Systemprüfpunkt 27-07-2014 10:08:06 Systemprüfpunkt 10-08-2014 09:56:53 Systemprüfpunkt 13-08-2014 06:55:49 Installed Windows KB954550-v5. 
13-08-2014 06:56:02 Druckertreiber Microsoft XPS Document Writer installiert 13-08-2014 06:56:12 Druckertreiber Microsoft XPS Document Writer installiert 13-08-2014 06:59:29 Installed %1 %2. 14-08-2014 08:59:25 Systemprüfpunkt 17-08-2014 10:57:42 Systemprüfpunkt 18-08-2014 19:08:08 Systemprüfpunkt 23-08-2014 21:03:19 Systemprüfpunkt 25-08-2014 13:46:08 Systemprüfpunkt 26-08-2014 14:13:03 Systemprüfpunkt 03-09-2014 15:44:35 Systemprüfpunkt 13-09-2014 20:05:40 Systemprüfpunkt 20-09-2014 18:25:00 Systemprüfpunkt 26-09-2014 17:38:34 Systemprüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-08-18 13:00 - 2001-08-18 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => E:\Programme_Tom\avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job => C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\launcher.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Programme\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-12 19:13 - 2014-07-13 19:25 - 00301152 _____ () E:\Programme_Tom\avast\aswProperty.dll 2014-09-26 17:42 - 2014-09-26 17:42 - 02867200 _____ () E:\Programme_Tom\avast\defs\14092600\algo.dll 2014-09-25 17:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-09-25 17:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl 2014-09-25 17:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-25 17:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll 2014-09-25 17:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-12 19:13 - 2014-07-13 19:25 - 19329904 _____ () E:\Programme_Tom\avast\libcef.dll 2012-08-10 17:51 - 2014-01-19 19:14 - 00985088 _____ () C:\Programme\OpenOffice.org 3\program\libxml2.dll 2010-03-16 
13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll 2010-08-26 18:15 - 2010-08-26 18:15 - 00016384 ____R () C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-25 22:44 - 2010-08-25 22:44 - 00270336 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINDOWS:D5FDA57425BD8A82 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-507921405-776561741-1417001333-500 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\Administrator ASPNET (S-1-5-21-507921405-776561741-1417001333-1005 - Enabled - Status: OK) Gast (S-1-5-21-507921405-776561741-1417001333-501 - Disabled - Status: Degraded) Hilfeassistent (S-1-5-21-507921405-776561741-1417001333-1000 - Disabled - Status: Degraded) SUPPORT_388945a0 (S-1-5-21-507921405-776561741-1417001333-1002 - Disabled - Status: Degraded) tom (S-1-5-21-507921405-776561741-1417001333-1003 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom tom_2 (S-1-5-21-507921405-776561741-1417001333-1004 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom_2 ==================== Faulty Device Manager Devices ============= Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: ThinkPad Bluetooth with Enhanced Data Rate II Description: ThinkPad Bluetooth with Enhanced Data Rate II Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Modemgerät auf High Definition Audio-Bus Description: Modemgerät auf High Definition Audio-Bus Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2014 09:01:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung frst.exe, Version 26.9.2014.0, fehlgeschlagenes Modul frst.exe, Version 26.9.2014.0, Fehleradresse 0x0001f440. Das medienspezifische Ereignis für [frst.exe!ws!] wird verarbeitet. Error: (09/26/2014 09:00:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung frst.exe, Version 26.9.2014.0, fehlgeschlagenes Modul frst.exe, Version 26.9.2014.0, Fehleradresse 0x0001f09e. Das medienspezifische Ereignis für [frst.exe!ws!] wird verarbeitet. Error: (09/26/2014 05:40:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (09/14/2014 02:15:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlgeschlagene Anwendung syntpenh.exe, Version 16.2.19.13, fehlgeschlagenes Modul syntpenh.exe, Version 16.2.19.13, Fehleradresse 0x000a5f72. Das medienspezifische Ereignis für [syntpenh.exe!ws!] wird verarbeitet. Error: (08/15/2014 02:12:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 31.0.0.5310, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (07/23/2014 06:59:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error: (07/19/2014 11:27:05 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. . Error: (06/28/2014 01:10:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: LENO) Description: Produkt: Google SketchUp 8 -- Sie können dieses Produkt nur als Administrator installieren. Error: (06/25/2014 02:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error: (06/25/2014 02:09:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. System errors: ============= Error: (09/26/2014 07:36:47 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:36:11 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:35:58 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:35:32 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:35:08 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:35:04 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:34:17 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:33:38 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:31:49 PM) (Source: 0) (EventID: 9) (User: ) Description: \Device\Ide\IdePort0 Error: (09/26/2014 07:31:48 PM) (Source: 0) (EventID: 9) (User: ) Description: 
\Device\Ide\IdePort0 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz Percentage of memory in use: 30% Total physical RAM: 3065.95 MB Available physical RAM: 2143.45 MB Total Pagefile: 4951.58 MB Available Pagefile: 3995.2 MB Total Virtual: 2047.88 MB Available Virtual: 1945.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:58.59 GB) (Free:13.87 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: () (Fixed) (Total:90.45 GB) (Free:53.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: 44444444) Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=90.4 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
27.09.2014, 19:16 | #4 |
/// the machine /// TB-Ausbilder | Win XP: Opened a .zip mail attachment - but it was not a zipped file - phishing? Hi, please download TDSSKiller.exe and save the file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.09.2014, 19:44 | #5 |
| Win XP: Opened a .zip mail attachment - but it was not a zipped file - phishing? TDSSKiller finished its run with 6 threats. Code:
ATTFilter 20:36:46.0109 0x00dc TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58 20:36:50.0750 0x00dc ============================================================ 20:36:50.0750 0x00dc Current date / time: 2014/09/27 20:36:50.0750 20:36:50.0750 0x00dc SystemInfo: 20:36:50.0750 0x00dc 20:36:50.0750 0x00dc OS Version: 5.1.2600 ServicePack: 3.0 20:36:50.0750 0x00dc Product type: Workstation 20:36:50.0750 0x00dc ComputerName: LENO 20:36:50.0765 0x00dc UserName: tom 20:36:50.0765 0x00dc Windows directory: C:\WINDOWS 20:36:50.0765 0x00dc System windows directory: C:\WINDOWS 20:36:50.0765 0x00dc Processor architecture: Intel x86 20:36:50.0765 0x00dc Number of processors: 2 20:36:50.0765 0x00dc Page size: 0x1000 20:36:50.0765 0x00dc Boot type: Normal boot 20:36:50.0765 0x00dc ============================================================ 20:36:55.0203 0x00dc KLMD registered as C:\WINDOWS\system32\drivers\38792412.sys 20:36:56.0953 0x00dc System UUID: {1610DD93-AAF3-2EC3-A7F8-B927921D845B} 20:36:59.0953 0x00dc Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054 20:36:59.0953 0x00dc ============================================================ 20:36:59.0953 0x00dc \Device\Harddisk0\DR0: 20:36:59.0953 0x00dc MBR partitions: 20:36:59.0953 0x00dc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x75300B1 20:36:59.0968 0x00dc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x753012F, BlocksNum 0xB4E4AD1 20:36:59.0968 0x00dc ============================================================ 20:37:00.0000 0x00dc C: <-> \Device\Harddisk0\DR0\Partition1 20:37:00.0046 0x00dc E: <-> \Device\Harddisk0\DR0\Partition2 20:37:00.0046 0x00dc ============================================================ 20:37:00.0046 0x00dc Initialize success 20:37:00.0046 0x00dc ============================================================ 20:37:33.0062 
0x0e64 ============================================================ 20:37:33.0062 0x0e64 Scan started 20:37:33.0062 0x0e64 Mode: Manual; 20:37:33.0062 0x0e64 ============================================================ 20:37:33.0062 0x0e64 KSN ping started 20:37:33.0109 0x0e64 KSN ping finished: false 20:37:34.0046 0x0e64 ================ Scan system memory ======================== 20:37:34.0046 0x0e64 System memory - ok 20:37:34.0046 0x0e64 ================ Scan services ============================= 20:37:34.0484 0x0e64 [ 42B72495B6D3390EC54850D8036A7D7C, 082255CD6ABF16168B4F502BC2EECD236E1D288EC1A0C06A507E135FBAE5B8DA ] 5U875UVC C:\WINDOWS\system32\DRIVERS\RCUVCMNP.sys 20:37:34.0593 0x0e64 5U875UVC - ok 20:37:35.0000 0x0e64 Abiosdsk - ok 20:37:35.0000 0x0e64 abp480n5 - ok 20:37:35.0093 0x0e64 [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:37:35.0156 0x0e64 ACPI - ok 20:37:35.0187 0x0e64 [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 20:37:35.0187 0x0e64 ACPIEC - ok 20:37:35.0187 0x0e64 adpu160m - ok 20:37:35.0265 0x0e64 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys 20:37:35.0312 0x0e64 aec - ok 20:37:35.0359 0x0e64 [ B8A5AE35B5BBB8E0DBD6689BB3261FEB, 36012C336D424F8303FFEE17F00F2F343D9E11FDE377BB93E2B51C5C1DE07B83 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 20:37:35.0359 0x0e64 AegisP - ok 20:37:35.0437 0x0e64 [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] AFD C:\WINDOWS\System32\drivers\afd.sys 20:37:35.0500 0x0e64 AFD - ok 20:37:35.0500 0x0e64 Aha154x - ok 20:37:35.0500 0x0e64 aic78u2 - ok 20:37:35.0500 0x0e64 aic78xx - ok 20:37:35.0531 0x0e64 [ 738D80CC01D7BC7584BE917B7F544394, 
DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll 20:37:35.0546 0x0e64 Alerter - ok 20:37:35.0578 0x0e64 [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe 20:37:35.0593 0x0e64 ALG - ok 20:37:35.0593 0x0e64 AliIde - ok 20:37:35.0593 0x0e64 amsint - ok 20:37:35.0703 0x0e64 [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 20:37:35.0765 0x0e64 AppMgmt - ok 20:37:35.0812 0x0e64 [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 20:37:35.0828 0x0e64 Arp1394 - ok 20:37:35.0828 0x0e64 asc - ok 20:37:35.0843 0x0e64 asc3350p - ok 20:37:35.0843 0x0e64 asc3550 - ok 20:37:36.0000 0x0e64 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 20:37:36.0031 0x0e64 aspnet_state - ok 20:37:36.0078 0x0e64 [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys 20:37:36.0093 0x0e64 aswHwid - ok 20:37:36.0171 0x0e64 [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys 20:37:36.0203 0x0e64 aswMonFlt - ok 20:37:36.0265 0x0e64 [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys 20:37:36.0312 0x0e64 aswRdr - ok 20:37:36.0359 0x0e64 [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys 20:37:36.0390 0x0e64 aswRvrt - ok 20:37:36.0875 0x0e64 [ 
51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys 20:37:37.0375 0x0e64 aswSnx - ok 20:37:37.0640 0x0e64 [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 20:37:37.0843 0x0e64 aswSP - ok 20:37:37.0890 0x0e64 [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 20:37:37.0921 0x0e64 aswTdi - ok 20:37:38.0000 0x0e64 [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys 20:37:38.0062 0x0e64 aswVmm - ok 20:37:38.0109 0x0e64 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:37:38.0125 0x0e64 AsyncMac - ok 20:37:38.0156 0x0e64 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 20:37:38.0156 0x0e64 atapi - ok 20:37:38.0171 0x0e64 Atdisk - ok 20:37:38.0468 0x0e64 [ DAE9B06F344AE0F877D7CE3500C12342, 98F47D9BA7F9D1222FE2E9A8ED5F0F7988B8DEE2A03ADD1DFD5EE71469D40CB1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 20:37:38.0500 0x0e64 Ati HotKey Poller - ok 20:37:41.0468 0x0e64 [ BDE0F5D73C04B3F16672A7E6EA9D2392, D61530BD70DEA213ACF4405BFF158F86875F1C732D255161407BD7148529AEDF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 20:37:44.0500 0x0e64 ati2mtag - ok 20:37:44.0578 0x0e64 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:37:44.0593 0x0e64 Atmarpc - ok 20:37:44.0625 0x0e64 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv 
C:\WINDOWS\System32\audiosrv.dll 20:37:44.0640 0x0e64 AudioSrv - ok 20:37:44.0671 0x0e64 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 20:37:44.0671 0x0e64 audstub - ok 20:37:44.0921 0x0e64 [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus E:\Programme_Tom\avast\AvastSvc.exe 20:37:44.0937 0x0e64 avast! Antivirus - ok 20:37:44.0984 0x0e64 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:37:44.0984 0x0e64 Beep - ok 20:37:45.0250 0x0e64 [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll 20:37:45.0515 0x0e64 BITS - ok 20:37:45.0593 0x0e64 [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] Browser C:\WINDOWS\System32\browser.dll 20:37:45.0656 0x0e64 Browser - ok 20:37:45.0687 0x0e64 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 20:37:45.0703 0x0e64 cbidf2k - ok 20:37:45.0734 0x0e64 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 20:37:45.0734 0x0e64 CCDECODE - ok 20:37:45.0750 0x0e64 cd20xrnt - ok 20:37:45.0781 0x0e64 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 20:37:45.0796 0x0e64 Cdaudio - ok 20:37:45.0843 0x0e64 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 20:37:45.0890 0x0e64 Cdfs - ok 20:37:45.0937 0x0e64 [ 1F4260CC5B42272D71F79E570A27A4FE, 
B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:37:45.0984 0x0e64 Cdrom - ok
20:38:00.0562 0x0e64 Scan was interrupted by user!
20:38:00.0625 0x0e64 AV detected via SS1: avast!
Antivirus, 5.0.150996965, disabled, updated
20:38:00.0640 0x0e64 Win FW state via NFM: enabled
20:38:00.0640 0x0e64 ============================================================
20:38:00.0640 0x0e64 Scan finished
20:38:00.0640 0x0e64 ============================================================
20:38:00.0640 0x0888 Detected object count: 0
20:38:00.0640 0x0888 Actual detected object count: 0
20:38:13.0640 0x0aa8 ============================================================
20:38:13.0640 0x0aa8 Scan started
20:38:13.0640 0x0aa8 Mode: Manual; SigCheck; TDLFS;
20:38:13.0640 0x0aa8 ============================================================
20:38:13.0640 0x0aa8 KSN ping started
20:38:13.0656 0x0aa8 KSN ping finished: false
20:38:14.0171 0x0aa8 ================ Scan system memory ========================
20:38:14.0171 0x0aa8 System memory - ok
20:38:14.0171 0x0aa8 ================ Scan services =============================
20:38:15.0515 0x0aa8 [ B8A5AE35B5BBB8E0DBD6689BB3261FEB, 36012C336D424F8303FFEE17F00F2F343D9E11FDE377BB93E2B51C5C1DE07B83 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:38:15.0515 0x0aa8 AegisP - detected UnsignedFile.Multi.Generic ( 1 )
20:38:15.0625 0x0aa8 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:38:15.0625 0x0aa8 Force sending object to P2P due to detect: AegisP
20:38:15.0640 0x0aa8 Object send P2P result: false
20:38:33.0437 0x0aa8 [ D956358054E99E6FFAC69CD87E893A89, 91CDDEDBAB9E0E4DED1465DA2364F4281E54A7E4645B61CC19B26053A4047314 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
20:38:33.0453 0x0aa8 grmnusb - detected UnsignedFile.Multi.Generic ( 1 )
20:38:33.0453 0x0aa8 grmnusb ( UnsignedFile.Multi.Generic )
- warning 20:38:33.0453 0x0aa8 Force sending object to P2P due to detect: grmnusb 20:38:33.0453 0x0aa8 Object send P2P result: false 20:38:33.0531 0x0aa8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 20:38:33.0546 0x0aa8 gupdate - ok 20:38:33.0593 0x0aa8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 20:38:33.0609 0x0aa8 gupdatem - ok 20:38:33.0718 0x0aa8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:38:33.0828 0x0aa8 HDAudBus - ok 20:38:33.0906 0x0aa8 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:38:34.0000 0x0aa8 helpsvc - ok 20:38:34.0031 0x0aa8 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 20:38:34.0093 0x0aa8 HidServ - ok 20:38:34.0125 0x0aa8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:38:34.0203 0x0aa8 HidUsb - ok 20:38:34.0265 0x0aa8 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:38:34.0343 0x0aa8 hkmsvc - ok 20:38:34.0343 0x0aa8 hpn - ok 20:38:34.0453 0x0aa8 [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:38:34.0531 0x0aa8 HTTP - ok 20:38:34.0546 0x0aa8 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:38:34.0625 0x0aa8 HTTPFilter - 
ok 20:38:34.0640 0x0aa8 i2omgmt - ok 20:38:34.0640 0x0aa8 i2omp - ok 20:38:34.0671 0x0aa8 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:38:34.0750 0x0aa8 i8042prt - ok 20:38:35.0203 0x0aa8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:38:35.0640 0x0aa8 idsvc - ok 20:38:35.0703 0x0aa8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:38:35.0890 0x0aa8 Imapi - ok 20:38:35.0968 0x0aa8 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 20:38:36.0031 0x0aa8 ImapiService - ok 20:38:36.0046 0x0aa8 ini910u - ok 20:38:36.0046 0x0aa8 IntelIde - ok 20:38:36.0078 0x0aa8 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:38:36.0156 0x0aa8 intelppm - ok 20:38:36.0187 0x0aa8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:38:36.0250 0x0aa8 Ip6Fw - ok 20:38:36.0281 0x0aa8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:38:36.0359 0x0aa8 IpFilterDriver - ok 20:38:36.0375 0x0aa8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:38:36.0437 0x0aa8 IpInIp - ok 20:38:36.0515 0x0aa8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat 
C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:38:36.0593 0x0aa8 IpNat - ok 20:38:36.0625 0x0aa8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:38:36.0703 0x0aa8 IPSec - ok 20:38:36.0734 0x0aa8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:38:36.0781 0x0aa8 IRENUM - ok 20:38:36.0812 0x0aa8 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:38:36.0921 0x0aa8 isapnp - ok 20:38:37.0109 0x0aa8 [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService E:\Programme_Tom\Java\jre7\bin\jqs.exe 20:38:37.0125 0x0aa8 JavaQuickStarterService - ok 20:38:37.0171 0x0aa8 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:38:37.0265 0x0aa8 Kbdclass - ok 20:38:37.0343 0x0aa8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:38:37.0453 0x0aa8 kmixer - ok 20:38:37.0515 0x0aa8 [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:38:37.0578 0x0aa8 KSecDD - ok 20:38:37.0656 0x0aa8 [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 20:38:37.0718 0x0aa8 LanmanServer - ok 20:38:37.0781 0x0aa8 [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:38:37.0875 0x0aa8 lanmanworkstation - ok 20:38:37.0875 0x0aa8 lbrtfdc - ok 20:38:37.0906 
0x0aa8 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:38:37.0968 0x0aa8 LmHosts - ok 20:38:38.0000 0x0aa8 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:38:38.0062 0x0aa8 Messenger - ok 20:38:38.0156 0x0aa8 Microsoft SharePoint Workspace Audit Service - ok 20:38:38.0171 0x0aa8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:38:38.0250 0x0aa8 mnmdd - ok 20:38:38.0265 0x0aa8 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 20:38:38.0343 0x0aa8 mnmsrvc - ok 20:38:38.0375 0x0aa8 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:38:38.0437 0x0aa8 Modem - ok 20:38:38.0468 0x0aa8 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:38:38.0531 0x0aa8 Mouclass - ok 20:38:38.0562 0x0aa8 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:38:38.0640 0x0aa8 mouhid - ok 20:38:38.0687 0x0aa8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:38:38.0765 0x0aa8 MountMgr - ok 20:38:38.0843 0x0aa8 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 20:38:38.0859 0x0aa8 MozillaMaintenance - ok 20:38:38.0859 0x0aa8 mraid35x - ok 20:38:38.0953 0x0aa8 [ 
11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:38:39.0031 0x0aa8 MRxDAV - ok 20:38:39.0218 0x0aa8 [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:38:39.0562 0x0aa8 MRxSmb - ok 20:38:39.0625 0x0aa8 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:38:39.0703 0x0aa8 MSDTC - ok 20:38:39.0734 0x0aa8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:38:39.0796 0x0aa8 Msfs - ok 20:38:39.0812 0x0aa8 MSIServer - ok 20:38:39.0828 0x0aa8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:38:39.0890 0x0aa8 MSKSSRV - ok 20:38:39.0921 0x0aa8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:38:39.0968 0x0aa8 MSPCLOCK - ok 20:38:39.0984 0x0aa8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:38:40.0046 0x0aa8 MSPQM - ok 20:38:40.0078 0x0aa8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:38:40.0125 0x0aa8 mssmbios - ok 20:38:40.0140 0x0aa8 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:38:40.0203 0x0aa8 MSTEE - ok 20:38:40.0265 0x0aa8 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 
20:38:40.0328 0x0aa8 Mup - ok 20:38:40.0359 0x0aa8 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:38:40.0437 0x0aa8 NABTSFEC - ok 20:38:40.0562 0x0aa8 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 20:38:40.0625 0x0aa8 napagent - ok 20:38:40.0718 0x0aa8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:38:40.0828 0x0aa8 NDIS - ok 20:38:40.0921 0x0aa8 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:38:41.0000 0x0aa8 NdisIP - ok 20:38:41.0015 0x0aa8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:38:41.0078 0x0aa8 NdisTapi - ok 20:38:41.0093 0x0aa8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:38:41.0156 0x0aa8 Ndisuio - ok 20:38:41.0187 0x0aa8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:38:41.0250 0x0aa8 NdisWan - ok 20:38:41.0296 0x0aa8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:38:41.0343 0x0aa8 NDProxy - ok 20:38:41.0375 0x0aa8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:38:41.0437 0x0aa8 NetBIOS - ok 20:38:41.0500 0x0aa8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] 
NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:38:41.0578 0x0aa8 NetBT - ok 20:38:41.0640 0x0aa8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 20:38:41.0718 0x0aa8 NetDDE - ok 20:38:41.0765 0x0aa8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:38:41.0828 0x0aa8 NetDDEdsdm - ok 20:38:41.0890 0x0aa8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:38:41.0953 0x0aa8 Netlogon - ok 20:38:42.0046 0x0aa8 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 20:38:42.0125 0x0aa8 Netman - ok 20:38:42.0218 0x0aa8 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:38:42.0281 0x0aa8 NetTcpPortSharing - ok 20:38:46.0140 0x0aa8 [ 56D7228D7AB2A6B19718AA6B7C0D66E5, 5FA4DBC9DF5A579BDFA7C46B166D6D5A4D440D56ECB3D38302CE1DE5C20D12DA ] NETwNx32 C:\WINDOWS\system32\DRIVERS\NETwNx32.sys 20:38:57.0390 0x0aa8 NETwNx32 - ok 20:38:57.0453 0x0aa8 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:38:57.0656 0x0aa8 NIC1394 - ok 20:38:57.0843 0x0aa8 [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] Nla C:\WINDOWS\System32\mswsock.dll 20:38:58.0171 0x0aa8 Nla - ok 20:38:58.0250 0x0aa8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:38:58.0406 0x0aa8 Npfs - ok 20:38:58.0546 0x0aa8 [ 53F7546E8DAEFB3A0813F5E19C4613C9, 
3083129855BA0C9435D18A7D2693807F07751E2A3080D968D2777A6457CDFC59 ] NSNDIS5 C:\WINDOWS\system32\NSNDIS5.SYS 20:38:58.0609 0x0aa8 NSNDIS5 - detected UnsignedFile.Multi.Generic ( 1 ) 20:38:58.0609 0x0aa8 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning 20:38:59.0031 0x0aa8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:38:59.0890 0x0aa8 Ntfs - ok 20:38:59.0921 0x0aa8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:39:00.0000 0x0aa8 NtLmSsp - ok 20:39:00.0375 0x0aa8 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:39:00.0906 0x0aa8 NtmsSvc - ok 20:39:00.0953 0x0aa8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 20:39:01.0109 0x0aa8 Null - ok 20:39:01.0171 0x0aa8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:39:01.0296 0x0aa8 NwlnkFlt - ok 20:39:01.0312 0x0aa8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:39:01.0468 0x0aa8 NwlnkFwd - ok 20:39:01.0531 0x0aa8 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:39:01.0671 0x0aa8 ohci1394 - ok 20:39:01.0859 0x0aa8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 20:39:02.0062 0x0aa8 ose - ok 20:39:05.0562 0x0aa8 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, 
F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:39:10.0453 0x0aa8 osppsvc - ok 20:39:10.0562 0x0aa8 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:39:10.0796 0x0aa8 Parport - ok 20:39:10.0875 0x0aa8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:39:10.0953 0x0aa8 PartMgr - ok 20:39:11.0000 0x0aa8 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:39:11.0062 0x0aa8 ParVdm - ok 20:39:11.0093 0x0aa8 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:39:11.0171 0x0aa8 PCI - ok 20:39:11.0171 0x0aa8 PCIDump - ok 20:39:11.0187 0x0aa8 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:39:11.0250 0x0aa8 PCIIde - ok 20:39:11.0296 0x0aa8 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 20:39:11.0437 0x0aa8 Pcmcia - ok 20:39:11.0437 0x0aa8 PDCOMP - ok 20:39:11.0437 0x0aa8 PDFRAME - ok 20:39:11.0453 0x0aa8 PDRELI - ok 20:39:11.0453 0x0aa8 PDRFRAME - ok 20:39:11.0453 0x0aa8 perc2 - ok 20:39:11.0453 0x0aa8 perc2hib - ok 20:39:11.0515 0x0aa8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] PlugPlay C:\WINDOWS\system32\services.exe 20:39:11.0593 0x0aa8 PlugPlay - ok 20:39:11.0609 0x0aa8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent 
C:\WINDOWS\system32\lsass.exe 20:39:11.0687 0x0aa8 PolicyAgent - ok 20:39:11.0718 0x0aa8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:39:11.0828 0x0aa8 PptpMiniport - ok 20:39:11.0843 0x0aa8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:39:11.0921 0x0aa8 ProtectedStorage - ok 20:39:11.0953 0x0aa8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:39:12.0078 0x0aa8 PSched - ok 20:39:12.0109 0x0aa8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:39:12.0187 0x0aa8 Ptilink - ok 20:39:12.0203 0x0aa8 ql1080 - ok 20:39:12.0203 0x0aa8 Ql10wnt - ok 20:39:12.0203 0x0aa8 ql12160 - ok 20:39:12.0203 0x0aa8 ql1240 - ok 20:39:12.0218 0x0aa8 ql1280 - ok 20:39:12.0234 0x0aa8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:39:12.0312 0x0aa8 RasAcd - ok 20:39:12.0375 0x0aa8 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:39:12.0500 0x0aa8 RasAuto - ok 20:39:12.0562 0x0aa8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:39:12.0687 0x0aa8 Rasl2tp - ok 20:39:12.0796 0x0aa8 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:39:13.0031 0x0aa8 RasMan - ok 20:39:13.0062 0x0aa8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 
] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:39:13.0171 0x0aa8 RasPppoe - ok 20:39:13.0203 0x0aa8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:39:13.0312 0x0aa8 Raspti - ok 20:39:13.0390 0x0aa8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:39:13.0562 0x0aa8 Rdbss - ok 20:39:13.0578 0x0aa8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:39:13.0671 0x0aa8 RDPCDD - ok 20:39:13.0781 0x0aa8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:39:13.0968 0x0aa8 rdpdr - ok 20:39:14.0062 0x0aa8 [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:39:14.0171 0x0aa8 RDPWD - ok 20:39:14.0265 0x0aa8 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:39:14.0390 0x0aa8 RDSessMgr - ok 20:39:14.0421 0x0aa8 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:39:14.0515 0x0aa8 redbook - ok 20:39:14.0750 0x0aa8 [ 6987DC1DD7A7159752DFB1F6AABAE062, 490CC8D4045474412D23081EB980D9F911A6C3EB8F2A9497592153E0618383BE ] RegSrvc C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe 20:39:15.0031 0x0aa8 RegSrvc - ok 20:39:15.0109 0x0aa8 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:39:15.0328 0x0aa8 RemoteAccess - ok 20:39:15.0375 0x0aa8 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 
649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:39:15.0500 0x0aa8 RemoteRegistry - ok 20:39:15.0578 0x0aa8 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 20:39:15.0671 0x0aa8 RpcLocator - ok 20:39:15.0843 0x0aa8 [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:39:16.0078 0x0aa8 RpcSs - ok 20:39:16.0171 0x0aa8 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:39:16.0343 0x0aa8 RSVP - ok 20:39:16.0687 0x0aa8 [ 662973C942738D4B2FE8147E63DE66B3, CD071195C35AAD291A09313110C32D5083F3AB3C3C3F391BD1DB438A55AD70C5 ] S24EventMonitor C:\Programme\Intel\WiFi\bin\S24EvMon.exe 20:39:17.0515 0x0aa8 S24EventMonitor - ok 20:39:17.0562 0x0aa8 [ 27FC71DA659305E260ACBDA15A318399, 1EBE27909E282454F49D22B4540A2DF8B774466453E928DB98330B9E83206A10 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 20:39:17.0593 0x0aa8 s24trans - ok 20:39:17.0625 0x0aa8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 20:39:17.0671 0x0aa8 SamSs - ok 20:39:17.0750 0x0aa8 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:39:17.0843 0x0aa8 SCardSvr - ok 20:39:17.0953 0x0aa8 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:39:18.0250 0x0aa8 Schedule - ok 20:39:18.0296 0x0aa8 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 20:39:18.0390 0x0aa8 sdbus - ok 20:39:19.0171 0x0aa8 [ 
D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe 20:39:20.0796 0x0aa8 SDScannerService - ok 20:39:22.0140 0x0aa8 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:39:24.0062 0x0aa8 SDUpdateService - ok 20:39:24.0203 0x0aa8 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:39:24.0328 0x0aa8 SDWSCService - ok 20:39:24.0359 0x0aa8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:39:24.0484 0x0aa8 Secdrv - ok 20:39:24.0515 0x0aa8 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 20:39:24.0578 0x0aa8 seclogon - ok 20:39:24.0609 0x0aa8 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 20:39:24.0687 0x0aa8 SENS - ok 20:39:24.0734 0x0aa8 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 20:39:24.0828 0x0aa8 Serial - ok 20:39:24.0859 0x0aa8 [ 0FA803C64DF0914B41F807EA276BF2A6, 847B1CD47ADF9E4AE298E74CC53A7F9DB4E58F43919D3A2BBFFE07244134778D ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 20:39:24.0953 0x0aa8 sffdisk - ok 20:39:25.0000 0x0aa8 [ C17C331E435ED8737525C86A7557B3AC, F1DEB2CA5D8E02280782B354A31E148E3A2F2B5F57AD6C575875DE20F6D3C930 ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 20:39:25.0078 0x0aa8 sffp_sd - ok 20:39:25.0109 0x0aa8 [ 8E6B8C671615D126FDC553D1E2DE5562, 
CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:39:25.0156 0x0aa8 Sfloppy - ok 20:39:25.0312 0x0aa8 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:39:25.0609 0x0aa8 SharedAccess - ok 20:39:25.0703 0x0aa8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:39:25.0875 0x0aa8 ShellHWDetection - ok 20:39:25.0875 0x0aa8 Simbad - ok 20:39:25.0953 0x0aa8 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:39:26.0031 0x0aa8 SLIP - ok 20:39:26.0078 0x0aa8 [ CB94B013F943AFD0C6D3400804E9065E, 22CE8F9B5EF69D1702C83CC212E3FB17FD5239FE1C91BA5FEB35A26DFF324775 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 20:39:26.0093 0x0aa8 SmbDrvI - ok 20:39:26.0109 0x0aa8 Sparrow - ok 20:39:26.0125 0x0aa8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:39:26.0187 0x0aa8 splitter - ok 20:39:26.0234 0x0aa8 [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:39:26.0328 0x0aa8 Spooler - ok 20:39:26.0375 0x0aa8 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:39:26.0468 0x0aa8 sr - ok 20:39:26.0546 0x0aa8 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 20:39:26.0671 0x0aa8 srservice - ok 20:39:26.0796 0x0aa8 [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv 
4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] C:\WINDOWS\system32\winsrv.dll
20:39:37.0843 0x0aa8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] C:\WINDOWS\system32\winsrv.dll
20:39:37.0906 0x0aa8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] C:\WINDOWS\system32\services.exe
20:39:37.0906 0x0aa8 [ Global ] - ok
20:39:37.0906 0x0aa8 ================ Scan MBR ==================================
20:39:37.0937 0x0aa8 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
20:39:38.0453 0x0aa8 \Device\Harddisk0\DR0 - ok
20:39:38.0453 0x0aa8 ================ Scan VBR ==================================
20:39:38.0453 0x0aa8 [ ED436E4C3EEB6C4C405A63FB7F0BDEBF ] \Device\Harddisk0\DR0\Partition1
20:39:38.0453 0x0aa8 \Device\Harddisk0\DR0\Partition1 - ok
20:39:38.0468 0x0aa8 [ D22327DB8C666B71EB4EF733A80991F4 ] \Device\Harddisk0\DR0\Partition2
20:39:38.0468 0x0aa8 \Device\Harddisk0\DR0\Partition2 - ok
20:39:38.0468 0x0aa8 ================ Scan generic autorun ======================
20:39:38.0515 0x0aa8 [ DC9C9C409D096F8280546F010A8392A5, 58FBFA6A9890BE681A35E57089F711AB1C0CCD2B0C59F601DF71D0E2FFFD7327 ] C:\Programme\RotateImage\RCIMGDIR.exe
20:39:38.0546 0x0aa8 RotateImage - detected UnsignedFile.Multi.Generic ( 1 )
20:39:38.0546 0x0aa8 RotateImage ( UnsignedFile.Multi.Generic ) - warning
20:39:38.0703 0x0aa8 [ 0700EA00C2CBB1F89E2681F90A14820C, 8B7BA9C5D72A2CEAA03BDFBAE3E0D9F2E144DFF9EDEB088423EA4BCA82DC2FC6 ] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:39:38.0734 0x0aa8 StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:39:38.0734 0x0aa8 StartCCC ( UnsignedFile.Multi.Generic ) - warning
20:39:40.0796 0x0aa8 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] E:\Programme_Tom\avast\AvastUI.exe
20:39:45.0078 0x0aa8 AvastUI.exe - ok
20:39:46.0593 0x0aa8 [ E66089AD8620B8AF4F775D6F16FFA546, 348069F63EDBB1100BE274CA0408C0E654178931DE2AC2F0034B8024D8E03FE8 ] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
20:39:47.0578 0x0aa8 SynTPEnh - ok
20:39:47.0796 0x0aa8 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
20:39:47.0828 0x0aa8 SunJavaUpdateSched - ok
20:39:47.0890 0x0aa8 [ 68B7A5320065FCC7F4DF5A0DC3281EA5, 1B0526C04F78A0F824C20AF92C887488A897A228A13DD8939C2E115039466C34 ] E:\Programme_Tom\CloneCD\CloneCDTray.exe
20:39:47.0921 0x0aa8 CloneCDTray - detected UnsignedFile.Multi.Generic ( 1 )
20:39:47.0921 0x0aa8 CloneCDTray ( UnsignedFile.Multi.Generic ) - warning
20:39:50.0046 0x0aa8 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
20:39:52.0093 0x0aa8 SDTray - ok
20:39:52.0140 0x0aa8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
20:39:52.0328 0x0aa8 CTFMON.EXE - ok
20:39:52.0343 0x0aa8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
20:39:52.0390 0x0aa8 CTFMON.EXE - ok
20:39:52.0406 0x0aa8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
20:39:52.0453 0x0aa8 CTFMON.EXE - ok
20:39:52.0468 0x0aa8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
20:39:52.0531 0x0aa8 CTFMON.EXE - ok
20:39:52.0531 0x0aa8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
20:39:52.0593 0x0aa8 CTFMON.EXE - ok
20:39:52.0609 0x0aa8 AV detected via SS1: avast! Antivirus, 5.0.150996965, disabled, updated
20:39:52.0609 0x0aa8 Win FW state via NFM: enabled
20:39:52.0609 0x0aa8 ============================================================
20:39:52.0609 0x0aa8 Scan finished
20:39:52.0609 0x0aa8 ============================================================
20:39:52.0609 0x0e24 Detected object count: 6
20:39:52.0609 0x0e24 Actual detected object count: 6
20:40:05.0015 0x0e24 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:05.0015 0x0e24 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:05.0015 0x0e24 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:05.0015 0x0e24 RotateImage ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 RotateImage ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:05.0015 0x0e24 StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:05.0015 0x0e24 CloneCDTray ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:05.0015 0x0e24 CloneCDTray ( UnsignedFile.Multi.Generic ) - User select action: Skip |
28.09.2014, 13:21 | #6 |
/// the machine /// TB trainer | hi, scan with Combofix |
28.09.2014, 18:57 | #7 |
| Thanks for the help. Code:
ATTFilter
ComboFix 14-09-29.02 - tom 28.09.2014 19:37:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3066.1979 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\tom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-28 bis 2014-09-28 ))))))))))))))))))))))))))))))
.
.
2014-09-26 16:02 . 2014-09-26 19:05 -------- d-----w- C:\FRST
2014-09-25 15:27 . 2014-09-25 15:27 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2014-09-25 15:25 . 2013-09-20 08:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-09-25 15:24 . 2014-09-25 15:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2014-09-25 15:24 . 2014-09-25 15:27 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-13 17:26 . 2014-01-12 17:13 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-13 17:25 . 2014-07-13 17:25 43152 ----a-w- c:\windows\avastSS.scr
2014-07-13 17:25 . 2014-04-19 17:49 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-13 17:25 . 2014-01-12 17:13 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-13 17:25 . 2014-01-12 17:13 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-13 17:25 . 2014-01-12 17:13 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-13 17:25 . 2014-01-12 17:13 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-13 17:25 . 2014-01-12 17:13 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-07-13 17:25 . 2014-01-12 17:13 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-07-13 17:25 . 2014-01-12 17:13 276432 ----a-w- c:\windows\system32\aswBoot.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-03 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-13 17:25 578240 ----a-w- e:\programme_tom\avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\programme\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"AvastUI.exe"="e:\programme_tom\avast\AvastUI.exe" [2014-08-08 4085896]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2013-11-15 2379504]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2013-07-02 254336]
"CloneCDTray"="e:\programme_tom\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\tom_2\Startmenü\Programme\Autostart\
OpenOffice.org 3.4.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Winsol_Autostart.lnk - c:\programme\Technische Alternative_temp\Winsol\Winsol.exe -a [2014-1-12 4595200]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Programme_Tom\\Bitcoin\\bitcoin-qt.exe"=
"e:\\Programme_Tom\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12.01.2014 19:13 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12.01.2014 19:13 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [12.01.2014 19:13 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [12.01.2014 19:13 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [19.04.2014 19:49 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [12.01.2014 19:13 67824]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [11.01.2014 22:08 187776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11.01.2014 22:09 250584]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwNx32.sys [11.01.2014 22:44 7476864]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [11.01.2014 22:07 39280]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [25.09.2014 17:25 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [25.09.2014 17:25 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [25.09.2014 17:25 171928]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 17894929
*Deregistered* - 17894929
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-27 c:\windows\Tasks\avast! Emergency Update.job
- e:\programme_tom\avast\AvastEmUpdate.exe [2014-07-13 17:25]
.
2014-09-27 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2014-09-25 09:52]
.
2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-01-11 20:55]
.
2014-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2014-01-11 20:55]
.
2014-09-27 c:\windows\Tasks\Opera scheduled Autoupdate 1403953864.job
- c:\dokumente und einstellungen\tom_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\launcher.exe [2014-06-28 08:48]
.
2014-09-25 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2014-09-25 08:41]
.
2014-09-25 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2014-09-25 08:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.234.128.7 195.234.128.16 192.168.1.1
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx
FF - ProfilePath - c:\dokumente und einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_39185cd2c735440b8bf0e2bc3b685f0b_39_1007_20140116_DE_ff_ab_&query=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\dokumente und einstellungen\tom_2\Startmenü\Programme\Autostart\MyPC Backup.lnk - c:\programme\MyPC Backup\MyPC Backup.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Memory Manager_is1 - c:\programme\Technische Alternative\Memory Manager\unins000.exe
AddRemove-TA-Designer_is1 - c:\programme\Technische Alternative\TA-Designer\unins000.exe
AddRemove-TAPPS DE_is1 - c:\programme\Technische Alternative\Tapps\unins000.exe
AddRemove-Winsol_is1 - c:\programme\Technische Alternative\Winsol\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-09-28 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5300)
c:\progra~1\GEMEIN~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll
.
- - - - - - - > 'explorer.exe'(5452)
c:\progra~1\GEMEIN~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll
.
Zeit der Fertigstellung: 2014-09-28 19:46:52
ComboFix-quarantined-files.txt 2014-09-28 17:46
.
Vor Suchlauf: 11 Verzeichnis(se), 15.721.664.512 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 16.782.274.560 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1056EB38877EB06B0E09C9639939B860
72B8CE41AF0DE751C946802B3ED844B4 |
29.09.2014, 16:05 | #8 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.09.2014, 23:24 | #9 |
| Thanks, I tried to carry it out following your instructions: mbam.txt Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 29.09.2014
Suchlauf-Zeit: 19:02:36
Logdatei: malware.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.09.29.09
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: tom
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362896
Verstrichene Zeit: 19 Min, 1 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 3
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-507921405-776561741-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, In Quarantäne, [95d8648f9ddefe38c35c39267e862bd5],
PUP.Optional.Softonic.A, HKU\S-1-5-21-507921405-776561741-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [4924ed0624571e18acd85bd61ee53ac6],
PUP.Optional.Softonic.A, HKU\S-1-5-21-507921405-776561741-1417001333-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [c5a89d56cfac8ea895efc968788bf907],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 3
PUP.Optional.Softonic.A, C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Downloads\SoftonicDownloader_for_7-zip.exe, In Quarantäne, [d796e90adaa12b0bd04836fcf908f10f],
PUP.Optional.ClientConnect, C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Downloads\GoogleSketchUpWDE.exe, In Quarantäne, [caa3bc37f883979f0461c2ef6e93649c],
PUP.Optional.Ask.A, C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1&systemid=413&v=a9397-124&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=2281384138734685&o=APN10649&q=");), Ersetzt,[f77605ee16651a1cf6f2df6542c30cf4]
Physische Sektoren: 0
(No malicious items detected)
(end)
Adwarecleaner Code:
ATTFilter
# AdwCleaner v3.310 - Bericht erstellt am 29/09/2014 um 23:27:42
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : tom - LENO
# Gestartet von : C:\Dokumente und Einstellungen\tom\Desktop\AdwCleaner_3.310.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\foxydeal.sqlite
Datei Gefunden : C:\Dokumente und Einstellungen\tom_2\Desktop\MyPC Backup.lnk
Ordner Gefunden : C:\Dokumente und Einstellungen\tom\Anwendungsdaten\pdfforge
Ordner Gefunden : C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\MyPC Backup
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\distromatic
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
***** [ Browser ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v32.0.3 (x86 de)
[ Datei : C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\prefs.js ]
[ Datei : C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.order.1", "Ask.com");
*************************
AdwCleaner[R0].txt - [2272 octets] - [29/09/2014 23:20:08]
AdwCleaner[R1].txt - [2192 octets] - [29/09/2014 23:27:42]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2252 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Microsoft Windows XP x86
Ran by tom on 29.09.2014 at 23:43:28,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\tom\Anwendungsdaten\pdfforge"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2014 at 23:47:45,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by tom (administrator) on LENO on 30-09-2014 00:13:39
Running from C:\Dokumente und Einstellungen\tom_2\Desktop
Loaded Profiles: tom & tom_2 (Available profiles: tom & tom_2 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) E:\Programme_Tom\avast\AvastSvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) E:\Programme_Tom\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe
(AVAST Software) E:\Programme_Tom\avast\avastui.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RotateImage] => C:\Programme\RotateImage\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [StartCCC] => C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Programme_Tom\avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [CloneCDTray] => E:\Programme_Tom\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk
ShortcutTarget: Winsol_Autostart.lnk -> C:\Programme\Technische Alternative_temp\Winsol\Winsol.exe (Technische Alternative GmbH)
Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme_Tom\avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme_Tom\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme_Tom\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default
FF SearchEngineOrder.1: Amazon
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_39185cd2c735440b8bf0e2bc3b685f0b_39_1007_20140116_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Programme_Tom\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tradesignal Online Chart - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-29] FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-29] FF Extension: Ghostery - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\firefox@ghostery.com.xpi [2014-01-11] FF Extension: TrackMeNot 
- C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-01-11] FF Extension: Readability - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2014-01-11] FF Extension: NoScript - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-11] FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11] FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11] FF Extension: Greasemonkey - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme_Tom\avast\WebRep\FF FF Extension: avast! Online Security - E:\Programme_Tom\avast\WebRep\FF [2014-01-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme_Tom\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; E:\Programme_Tom\avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software) R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [870672 2011-10-24] (Intel(R) Corporation) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) R2 JavaQuickStarterService; E:\Programme_Tom\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation) S4 MBAMScheduler; C:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-28] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [481552 2011-10-24] (Intel(R) Corporation) R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [882960 2011-10-24] (Intel(R) Corporation) S2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R3 5U875UVC; C:\WINDOWS\System32\DRIVERS\RCUVCMNP.sys [187776 2009-10-23] (Ricoh co.,Ltd.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-01-11] (Cisco Systems, Inc.) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-13] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-13] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-13] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2011-09-20] (Conexant Systems Inc.) R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [250584 2011-10-20] (Intel Corporation) R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-09] (GARMIN Corp.) [File not signed] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7476864 2011-10-31] (Intel Corporation) S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] U0 rlkiuprn; C:\WINDOWS\System32\drivers\yosvsd.sys [52440 2014-09-29] (Malwarebytes Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated) S3 catchme; \??\C:\DOKUME~1\tom\LOKALE~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 23:49 - 2014-09-29 23:47 - 00000675 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\JRT.txt 2014-09-29 23:49 - 2014-09-29 23:42 - 00002332 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\AdwCleaner[R1].txt 2014-09-29 23:49 - 2014-09-29 23:11 - 00002416 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\mbam.txt 2014-09-29 23:47 - 2014-09-29 23:47 - 00000675 _____ () C:\Dokumente und Einstellungen\tom\Desktop\JRT.txt 2014-09-29 23:42 - 2014-09-29 23:42 - 00002332 _____ () C:\Dokumente und Einstellungen\tom\Desktop\AdwCleaner[R1].txt 2014-09-29 23:42 - 2014-09-29 23:42 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-09-29 23:20 - 2014-09-29 23:28 - 00000000 ____D () C:\AdwCleaner 2014-09-29 23:11 - 2014-09-29 23:11 - 00002416 _____ () C:\Dokumente und Einstellungen\tom\Desktop\mbam.txt 2014-09-29 23:10 - 2014-09-29 23:10 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yosvsd.sys 2014-09-29 23:10 - 2014-09-29 23:10 - 00000402 _____ () C:\WINDOWS\system32\gdss 2014-09-29 18:43 - 2014-09-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys 2014-09-29 18:01 - 2014-09-29 18:43 - 00110296 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 18:00 - 2014-09-29 18:00 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-09-29 18:00 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-29 18:00 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-29 17:57 - 2014-09-29 17:56 - 01699276 _____ (Thisisu) C:\Dokumente und Einstellungen\tom\Desktop\JRT.exe 2014-09-29 17:57 - 2014-09-29 17:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\tom\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-29 17:57 - 2014-09-29 17:55 - 01373475 _____ () C:\Dokumente und Einstellungen\tom\Desktop\AdwCleaner_3.310.exe 2014-09-28 19:46 - 2014-09-30 00:15 - 00000000 ____D () C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-30 00:09 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00010937 _____ () C:\ComboFix.txt 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp 
2014-09-28 19:35 - 2014-09-28 19:35 - 00000000 _RSHD () C:\cmdcons 2014-09-28 19:35 - 2014-01-20 18:07 - 00000211 _____ () C:\Boot.bak 2014-09-28 19:35 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr 2014-09-28 19:32 - 2014-09-28 19:46 - 00000000 ____D () C:\Qoobox 2014-09-28 19:32 - 2014-09-28 19:32 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom\Startmenü\Programme\Verwaltung 2014-09-28 19:32 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-09-28 19:32 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-09-28 19:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-09-28 19:31 - 2014-09-28 19:45 - 00000000 ____D () C:\WINDOWS\erdnt 2014-09-28 19:28 - 2014-09-28 19:26 - 05582345 ____R (Swearware) C:\Dokumente und Einstellungen\tom\Desktop\ComboFix.exe 2014-09-27 20:35 - 2014-09-27 20:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\tom\Desktop\tdsskiller.exe 2014-09-26 21:57 - 2014-09-26 21:57 - 00019862 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\logfiles.7z 2014-09-26 21:41 - 2014-09-26 21:41 - 00033243 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Gmer.txt 2014-09-26 21:04 - 2014-09-26 21:05 - 00090959 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Addition.txt 2014-09-26 21:02 - 2014-09-26 21:05 - 00028809 _____ () C:\Dokumente und Einstellungen\tom\Desktop\FRST.txt 2014-09-26 21:02 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Gmer-19357.exe 2014-09-26 
21:02 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom\Desktop\FRST.exe 2014-09-26 19:40 - 2014-09-26 21:41 - 00033243 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer.txt 2014-09-26 18:38 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe 2014-09-26 18:35 - 2014-09-26 18:35 - 00049698 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Neu Textdokument.txt 2014-09-26 18:03 - 2014-09-30 00:15 - 00017254 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.txt 2014-09-26 18:03 - 2014-09-26 21:05 - 00090959 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Addition.txt 2014-09-26 18:02 - 2014-09-30 00:14 - 00000000 ____D () C:\FRST 2014-09-26 18:01 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.exe 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü\Programme 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü 2014-09-25 17:25 - 2014-09-30 00:02 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-09-25 17:25 - 2014-09-25 17:25 - 00001806 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00001800 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 2014-09-25 17:25 - 
2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2014-09-25 17:24 - 2014-09-25 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2014-09-25 17:24 - 2014-09-25 17:27 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-09-25 16:33 - 2014-09-25 16:34 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-09-25 14:58 - 2014-09-25 14:58 - 00048482 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip 2014-09-04 21:42 - 2014-09-04 21:43 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\mona_spain2014 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-30 00:02 - 2014-06-28 13:11 - 00000530 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job 2014-09-30 00:02 - 2014-01-12 19:13 - 00000334 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-09-30 00:02 - 2014-01-11 22:55 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-30 00:02 - 2014-01-09 21:05 - 00375306 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-30 00:01 - 2014-01-09 21:18 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom\ntuser.ini 2014-09-30 00:00 - 2014-01-12 11:10 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom_2\ntuser.ini 2014-09-29 23:31 - 2014-01-11 22:55 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-29 18:42 - 2014-01-09 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-29 18:42 - 2014-01-09 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-29 18:40 - 2014-01-09 21:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-29 18:40 - 2014-01-09 21:09 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService 2014-09-29 18:40 - 2001-08-18 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-29 18:36 - 2014-01-09 21:10 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-29 18:34 - 2014-08-13 08:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2014-09-29 18:00 - 2014-01-09 20:20 - 00000000 ___RD () C:\Programme 2014-09-29 18:00 - 2014-01-09 20:20 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-09-28 21:13 - 2014-01-12 11:10 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Eigene Bilder 2014-09-28 19:45 - 2014-01-12 11:10 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart 2014-09-28 19:44 - 2001-08-18 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-09-28 19:35 - 2014-01-09 21:01 - 00000327 __RSH () C:\boot.ini 2014-09-28 19:32 - 2014-01-09 21:18 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom\Startmenü\Programme 2014-09-27 20:41 - 2014-01-20 17:50 - 00452809 _____ () C:\WINDOWS\setupapi.log 2014-09-27 12:58 - 2014-01-11 21:47 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2014-09-26 21:00 - 
2014-01-20 17:00 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2014-09-26 17:40 - 2014-07-25 19:15 - 00000041 ___SH () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib 2014-09-26 17:39 - 2014-01-09 20:18 - 00295664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-25 17:27 - 2014-01-09 21:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService 2014-09-20 19:55 - 2014-06-15 14:27 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\vlc 2014-09-14 19:35 - 2014-01-13 21:04 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\vertrag 2014-09-13 23:16 - 2014-01-12 22:23 - 00000868 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Winsol.lnk 2014-09-13 22:18 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2 2014-09-01 18:26 - 2014-08-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\Bogenschießen pcad4 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- |
30.09.2014, 15:29 | #10 |
/// the machine /// TB Trainer | Win XP: Opened mail attachment .zip - but it was not a zipped file - phishing? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.10.2014, 07:51 | #11 |
| Win XP: Opened mail attachment .zip - but it was not a zipped file - phishing? All scans have completed. Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3bca4eb18523f84fa3ea11109a0d8563
# engine=20373
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-01 12:15:13
# local_time=2014-10-01 02:15:13 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 376579 22579297 0 0
# scanned=69571
# found=8
# cleaned=8
# scan_time=14160
sh=E1476812A4BD414F53416C93AF14D22BFEFBFF7D ft=1 fh=e6a33b27fb0ee099 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Babylon9_setup.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Downloads\cbsidlm-cbsi188-Free_MP4_Player-ORG-75965047.exe"
sh=95129AE3586AE1878F522D8F77133D01E34ACE88 ft=1 fh=8bd35e5873f7a997 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Downloads\SketchUp - CHIP-Downloader.exe"
sh=55C1E9F0394507B29504D152004A6A8153D5CBDD ft=1 fh=e069f5278077cfb9 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\_restore{B2AA185C-127A-47B1-9101-3F72894702C5}\RP4\A0001031.exe"
sh=BC7CA6B3E795EAD203779FBAE809D5A8902FD284 ft=1 fh=3f9bb3ad51b4f82b vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\_restore{B2AA185C-127A-47B1-9101-3F72894702C5}\RP4\A0001034.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\download_tom\pdfcreator-1_7_2_setup.exe"
sh=BC7CA6B3E795EAD203779FBAE809D5A8902FD284 ft=1 fh=3f9bb3ad51b4f82b vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\download_tom\SoftonicDownloader_fuer_netstumbler.exe"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87
 Windows XP Service Pack 3 x86
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, während WMIC installiert wird.d i s p l a y N a m e
ECHO ist ausgeschaltet (OFF).
a v a s t !
ECHO ist ausgeschaltet (OFF).
A n t i v i r u s
ECHO ist ausgeschaltet (OFF).
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 51
 Java version out of Date!
 Adobe Flash Player 12.0.0.43 Flash Player out of Date!
 Mozilla Firefox (32.0.3)
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbam.exe
 Spybot Teatimer.exe is disabled!
 avast AvastSvc.exe
 avast AvastUI.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by tom (administrator) on LENO on 01-10-2014 08:43:46 Running from C:\Dokumente und Einstellungen\tom\Desktop Loaded Profiles: tom & tom_2 & Administrator (Available profiles: tom & tom_2 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe (AVAST Software) E:\Programme_Tom\avast\AvastSvc.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe (Oracle Corporation) E:\Programme_Tom\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Malwarebytes Corporation) C:\Programme\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe (AVAST Software) E:\Programme_Tom\avast\avastui.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Safer-Networking Ltd.) 
C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Programme\Mozilla Thunderbird\thunderbird.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe (Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVAST Software) E:\Programme_Tom\avast\avastui.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDScan.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RotateImage] => C:\Programme\RotateImage\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.) HKLM\...\Run: [StartCCC] => C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [AvastUI.exe] => E:\Programme_Tom\avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software) HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [CloneCDTray] => E:\Programme_Tom\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.) HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk ShortcutTarget: Winsol_Autostart.lnk -> C:\Programme\Technische Alternative_temp\Winsol\Winsol.exe (Technische Alternative GmbH) Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme_Tom\avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programme\Microsoft 
Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme_Tom\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme_Tom\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default FF SearchEngineOrder.1: Amazon FF Homepage: www.google.de FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_39185cd2c735440b8bf0e2bc3b685f0b_39_1007_20140116_DE_ff_ab_&query= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @garmin.com/GpsControl -> C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Programme_Tom\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Tradesignal Online Chart - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-29] FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-29] FF Extension: Ghostery - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\firefox@ghostery.com.xpi [2014-01-11] FF Extension: TrackMeNot 
- C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-01-11] FF Extension: Readability - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2014-01-11] FF Extension: NoScript - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-11] FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11] FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11] FF Extension: Greasemonkey - C:\Dokumente und Einstellungen\tom\Anwendungsdaten\Mozilla\Firefox\Profiles\ealdwnhr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme_Tom\avast\WebRep\FF FF Extension: avast! Online Security - E:\Programme_Tom\avast\WebRep\FF [2014-01-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme_Tom\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; E:\Programme_Tom\avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software) R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [870672 2011-10-24] (Intel(R) Corporation) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.) R2 JavaQuickStarterService; E:\Programme_Tom\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation) S2 MBAMScheduler; C:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-28] (Microsoft Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation) S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation) R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [481552 2011-10-24] (Intel(R) Corporation) R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [882960 2011-10-24] (Intel(R) Corporation) S2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R3 5U875UVC; C:\WINDOWS\System32\DRIVERS\RCUVCMNP.sys [187776 2009-10-23] (Ricoh co.,Ltd.) R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-01-11] (Cisco Systems, Inc.) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-13] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-13] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-13] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-13] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-13] () S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2011-09-20] (Conexant Systems Inc.) R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [250584 2011-10-20] (Intel Corporation) R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-09] (GARMIN Corp.) [File not signed] S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7476864 2011-10-31] (Intel Corporation) S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] U0 rlkiuprn; C:\WINDOWS\System32\drivers\yosvsd.sys [52440 2014-09-29] (Malwarebytes Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated) S3 catchme; \??\C:\DOKUME~1\tom\LOKALE~1\Temp\catchme.sys [X] S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 08:43 - 2014-10-01 08:43 - 00001207 _____ () C:\Dokumente und Einstellungen\tom\Desktop\checkup.txt 2014-10-01 02:29 - 2014-10-01 02:29 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-09-30 22:07 - 2014-09-30 22:07 - 00000000 ____D () C:\Programme\ESET 2014-09-30 22:05 - 2014-09-30 21:58 - 00854417 _____ () C:\Dokumente und Einstellungen\tom\Desktop\SecurityCheck.exe 2014-09-30 22:05 - 2014-09-30 21:57 - 02347384 _____ (ESET) C:\Dokumente und Einstellungen\tom\Desktop\esetsmartinstaller_deu.exe 2014-09-29 23:49 - 2014-09-29 23:47 - 00000675 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\JRT.txt 2014-09-29 23:49 - 2014-09-29 23:42 - 00002332 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\AdwCleaner[R1].txt 2014-09-29 23:49 - 2014-09-29 23:11 - 00002416 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\mbam.txt 2014-09-29 23:47 - 2014-09-29 23:47 - 00000675 _____ () C:\Dokumente und Einstellungen\tom\Desktop\JRT.txt 2014-09-29 23:42 - 2014-09-29 23:42 - 00002332 _____ () C:\Dokumente und Einstellungen\tom\Desktop\AdwCleaner[R1].txt 2014-09-29 23:42 - 2014-09-29 23:42 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-09-29 23:20 - 2014-09-29 23:28 - 00000000 ____D () C:\AdwCleaner 2014-09-29 23:11 - 
2014-09-29 23:11 - 00002416 _____ () C:\Dokumente und Einstellungen\tom\Desktop\mbam.txt 2014-09-29 23:10 - 2014-09-29 23:10 - 00052440 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\yosvsd.sys 2014-09-29 23:10 - 2014-09-29 23:10 - 00000402 _____ () C:\WINDOWS\system32\gdss 2014-09-29 18:43 - 2014-09-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys 2014-09-29 18:01 - 2014-09-30 22:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 18:00 - 2014-09-29 18:00 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2014-09-29 18:00 - 2014-09-29 18:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2014-09-29 18:00 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-29 18:00 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-29 17:57 - 2014-09-29 17:56 - 01699276 _____ (Thisisu) C:\Dokumente und Einstellungen\tom\Desktop\JRT.exe 2014-09-29 17:57 - 2014-09-29 17:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\tom\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-29 17:57 - 2014-09-29 17:55 - 01373475 _____ () C:\Dokumente und Einstellungen\tom\Desktop\AdwCleaner_3.310.exe 2014-09-28 19:46 - 2014-10-01 08:45 - 00000000 ____D () C:\Dokumente und Einstellungen\tom\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-30 22:00 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00010937 _____ () C:\ComboFix.txt 2014-09-28 19:46 - 
2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp 2014-09-28 19:46 - 2014-09-28 19:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp 2014-09-28 19:35 - 2014-09-28 19:35 - 00000000 _RSHD () C:\cmdcons 2014-09-28 19:35 - 2014-01-20 18:07 - 00000211 _____ () C:\Boot.bak 2014-09-28 19:35 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr 2014-09-28 19:32 - 2014-09-28 19:46 - 00000000 ____D () C:\Qoobox 2014-09-28 19:32 - 2014-09-28 19:32 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom\Startmenü\Programme\Verwaltung 2014-09-28 19:32 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-09-28 19:32 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-09-28 19:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-09-28 19:32 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-09-28 19:31 - 2014-09-28 19:45 - 00000000 ____D () C:\WINDOWS\erdnt 2014-09-28 19:28 - 2014-09-28 19:26 - 05582345 ____R (Swearware) C:\Dokumente und Einstellungen\tom\Desktop\ComboFix.exe 2014-09-27 20:35 - 2014-09-27 20:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\tom\Desktop\tdsskiller.exe 2014-09-26 21:57 - 2014-09-26 21:57 - 00019862 _____ () C:\Dokumente und 
Einstellungen\tom_2\Desktop\logfiles.7z 2014-09-26 21:41 - 2014-09-26 21:41 - 00033243 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Gmer.txt 2014-09-26 21:04 - 2014-09-26 21:05 - 00090959 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Addition.txt 2014-09-26 21:02 - 2014-10-01 08:45 - 00018084 _____ () C:\Dokumente und Einstellungen\tom\Desktop\FRST.txt 2014-09-26 21:02 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom\Desktop\Gmer-19357.exe 2014-09-26 21:02 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom\Desktop\FRST.exe 2014-09-26 19:40 - 2014-09-26 21:41 - 00033243 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer.txt 2014-09-26 18:38 - 2014-09-26 18:19 - 00380416 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe 2014-09-26 18:35 - 2014-09-26 18:35 - 00049698 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Neu Textdokument.txt 2014-09-26 18:03 - 2014-09-30 00:15 - 00029397 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.txt 2014-09-26 18:03 - 2014-09-26 21:05 - 00090959 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Addition.txt 2014-09-26 18:02 - 2014-10-01 08:43 - 00000000 ____D () C:\FRST 2014-09-26 18:01 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.exe 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü\Programme 2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Startmenü 2014-09-25 17:25 - 2014-10-01 00:30 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-10-01 00:30 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-30 00:02 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-09-25 17:25 - 2014-09-25 17:25 - 00065536 
_____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-09-25 17:25 - 2014-09-25 17:25 - 00001806 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00001800 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk 2014-09-25 17:25 - 2014-09-25 17:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 2014-09-25 17:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2014-09-25 17:24 - 2014-09-25 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2014-09-25 17:24 - 2014-09-25 17:27 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2 2014-09-25 16:33 - 2014-09-25 16:34 - 00000000 ____D () C:\Programme\Mozilla Firefox 2014-09-25 14:58 - 2014-09-25 14:58 - 00048482 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip 2014-09-04 21:42 - 2014-09-04 21:43 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\mona_spain2014 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 08:30 - 2014-01-11 22:55 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-01 07:26 - 2014-01-12 19:13 - 00000334 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-09-30 23:30 - 2014-01-11 22:55 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-30 22:07 - 2014-01-09 20:20 - 00000000 ___RD () C:\Programme 2014-09-30 22:00 - 2014-01-09 21:05 - 00378363 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-30 00:25 - 2014-01-09 21:18 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom\ntuser.ini 2014-09-30 00:02 - 2014-06-28 13:11 - 00000530 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job 2014-09-30 00:00 - 2014-01-12 11:10 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom_2\ntuser.ini 2014-09-29 18:42 - 2014-01-09 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-29 18:42 - 2014-01-09 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-09-29 18:40 - 2014-01-09 21:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-29 18:40 - 2014-01-09 21:09 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService 2014-09-29 18:40 - 2001-08-18 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-29 18:37 - 2014-08-13 08:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2014-09-29 18:36 - 2014-01-09 21:10 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-29 18:00 - 2014-01-09 20:20 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-09-28 21:13 - 2014-01-12 11:10 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom_2\Eigene Dateien\Eigene Bilder 2014-09-28 19:45 - 2014-01-12 11:10 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart 2014-09-28 19:44 - 2001-08-18 13:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-09-28 19:35 - 2014-01-09 21:01 - 00000327 __RSH () C:\boot.ini 2014-09-28 19:32 - 2014-01-09 21:18 - 00000000 ___RD () C:\Dokumente und Einstellungen\tom\Startmenü\Programme 2014-09-27 20:41 - 2014-01-20 17:50 - 00452809 _____ () C:\WINDOWS\setupapi.log 2014-09-27 12:58 - 2014-01-11 21:47 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 
2014-09-26 21:00 - 2014-01-20 17:00 - 00000190 ___SH () C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2014-09-26 17:40 - 2014-07-25 19:15 - 00000041 ___SH () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib 2014-09-26 17:39 - 2014-01-09 20:18 - 00295664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-09-25 17:27 - 2014-01-09 21:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService 2014-09-20 19:55 - 2014-06-15 14:27 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\vlc 2014-09-14 19:35 - 2014-01-13 21:04 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\vertrag 2014-09-13 23:16 - 2014-01-12 22:23 - 00000868 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Winsol.lnk 2014-09-13 22:18 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2 2014-09-01 18:26 - 2014-08-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\Bogenschießen pcad4 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ |
02.10.2014, 07:28 | #12 |
/// the machine /// TB trainer | Win XP: Opened a .zip mail attachment - but it was not a zipped file - phishing? Update Java and Flash. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |